95251e229ae3d34a3e8039d771ce8834_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

95251e229ae3d34a3e8039d771ce8834_JaffaCakes118
Size

427KB
MD5

95251e229ae3d34a3e8039d771ce8834
SHA1

98fc181b73fd7e503add2d160bbf383e72ac69a2
SHA256

16126c40e08ee59f73c8261a5d451375b8916997ae330d5eb39d9430ef448756
SHA512

d6751f6e489aa64313bc36aa5d330a0201cbfbeb9a51177d0d07e2021add2902a5e44a06b2f0b4ef49239ce9bc94df2281b01bd7d7a05bfea3d59d755eb06661
SSDEEP

6144:oppCDgBoWn/4kc5wTjSWswsG3e240DfQeeaQeesQeesQeei0QeehQeeSoQwiW4V9:O4EBoW/PhLs/G3PLwmgWs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95251e229ae3d34a3e8039d771ce8834_JaffaCakes118

Files

95251e229ae3d34a3e8039d771ce8834_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f5b8469632aba1065147c2bc51576d6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

J:\MediaBrowser11_11Spring_HDW_VE\Development\Bin\Release\Core\MacsIntegrator\MACS\MacsSurfaceManagerDrawer.pdb

Imports

kernel32

GetModuleHandleW
GetModuleFileNameW
GetLastError
GetProcAddress
InterlockedIncrement
InterlockedDecrement
LoadLibraryA
GetModuleHandleA
OutputDebugStringA
MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileA
CreateFileW
WideCharToMultiByte
GetVersionExA
CloseHandle
UnmapViewOfFile
LoadLibraryExW
GetSystemInfo
IsProcessorFeaturePresent
InterlockedExchange
Sleep
InterlockedCompareExchange
GetFullPathNameA
lstrcmpiA
VirtualFree
VirtualAlloc
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcessId
GetCurrentThreadId
DeleteCriticalSection
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
DecodePointer
EncodePointer
GetSystemTimeAsFileTime

user32

GetDesktopWindow

gdi32

DeleteObject

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

msvcr100

longjmp
_setjmp3
isdigit
isspace
_CIpow
_vsnprintf
sscanf
_ftol
ldexp
free
_strdup
setlocale
floor
__CxxFrameHandler
_snprintf
_stricmp
atof
tolower
isalnum
isalpha
isxdigit
toupper
atoi
memmove
qsort
exit
sprintf
strncpy
malloc
fread
fseek
fwrite
fclose
tmpfile
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_finite
_CIacos
_controlfp
wcsncmp
wcsrchr
swprintf_s
wcschr
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
memset
_CIcos
__CxxFrameHandler3

Exports

Exports

DllCreateInstance

Sections

.text
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5b8469632aba1065147c2bc51576d6e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

msvcr100

Exports

Exports

Sections

.text Size: 290KB - Virtual size: 289KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 40KB - Virtual size: 49KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 19KB

.text
Size: 290KB - Virtual size: 289KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 40KB - Virtual size: 49KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 19KB