887c96bbe564a3f80d10a0506b5e6431_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

887c96bbe564a3f80d10a0506b5e6431_JaffaCakes118
Size

214KB
MD5

887c96bbe564a3f80d10a0506b5e6431
SHA1

f137fd60ad246d86a77dcee1c9014f05e3a8e311
SHA256

8f002f8b6759704b7e9bdb524d1aab25786c46f4d29aa873b88390c351fe74fb
SHA512

970aa211b7584956d879d1a51b86d5a7404acac2fe8797510a228b71930c135d48e45792909cdc361c646dfc0954572ef5df5f23256007df59f6af7c7403b3b7
SSDEEP

3072:M55a/1cZlK/VIOvxhcuPdLxR0iBZVRtVe7YOYCCbFSbsUUTjnmnQirC1w:qEmZav2u3RGNYnFS4LIuw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
887c96bbe564a3f80d10a0506b5e6431_JaffaCakes118

Files

887c96bbe564a3f80d10a0506b5e6431_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bad82162322aba56321eccdf7a090288

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\savxp\build\Symbols\Release\sophos_detoured.pdb

Imports

psapi

GetModuleFileNameExW
EnumProcessModules
GetMappedFileNameW
GetModuleInformation

kernel32

GetThreadContext
FlushFileBuffers
CreateFileA
InitializeCriticalSection
DeleteCriticalSection
ReadFile
EnterCriticalSection
LeaveCriticalSection
CreateFileW
CloseHandle
GetVersionExW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
OpenEventW
WaitForSingleObject
SetFilePointer
GetLastError
GetSystemInfo
GetFileSize
InterlockedCompareExchange
lstrlenW
lstrlenA
LCMapStringW
InterlockedDecrement
InterlockedIncrement
DeviceIoControl
GetCurrentThreadId
SetLastError
MoveFileWithProgressW
CopyFileExW
ReplaceFileW
LoadLibraryExW
FreeLibrary
GetFileAttributesW
GetCurrentThread
DisableThreadLibraryCalls
LocalFree
LoadLibraryW
GetCommandLineW
GetCurrentProcessId
CreateEventW
GetLongPathNameW
Sleep
SuspendThread
VirtualQuery
lstrcpyW
IsBadReadPtr
CallNamedPipeW
WaitNamedPipeW
WriteFile
GetSystemTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushInstructionCache
VirtualAlloc
VirtualProtect
ResumeThread
SetThreadContext
LoadLibraryA
GetModuleHandleA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapReAlloc
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
GetStringTypeA
GetStringTypeW

user32

CreateWindowExW
CallWindowProcW
GetGUIThreadInfo
GetSystemMetrics
LoadStringW
DefWindowProcW
SetWindowLongW

Exports

Exports

Detoured
spa_cbcdec
spa_cbcenc
spa_crypt
spa_init
spa_isweak
spa_sanitise
spa_setk
spmaa_buffer
spmaa_byte
spmaa_finalise2
spmaa_finalise32
spmaa_finalise64
spmaa_init

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bad82162322aba56321eccdf7a090288

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

Exports

Exports

Sections

.text Size: 147KB - Virtual size: 146KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 11KB - Virtual size: 18KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 147KB - Virtual size: 146KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 11KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB