95c77ea0b777d9e2b82136ec0d24151d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

95c77ea0b777d9e2b82136ec0d24151d_JaffaCakes118
Size

163KB
MD5

95c77ea0b777d9e2b82136ec0d24151d
SHA1

92486be9ee3505c38330ebcb48ad9af6a6a3e703
SHA256

fad076e6251a6cfac705b8ebb773fa9a975e950d02a463cc1aaf64563ec3af9e
SHA512

36d73b54cd5cf6767142c158cdaf7c1bc2fcaa929227cdba2b9b91dbcd52297923e5a96b7db8f56cb58cbfbe6c8b7e061e3053aa692ba4560a96ee447c19fa45
SSDEEP

3072:O244R/lE7liD1P8sFdXoh1U7Nm9fW1bwjAO7T4NehXn6vn+m5Av+3ywTZ7oWMy43:O2R/lE7aUsDoh+pk3jAO7QehXn6/+maD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95c77ea0b777d9e2b82136ec0d24151d_JaffaCakes118

Files

95c77ea0b777d9e2b82136ec0d24151d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e59c04d08e12917002f04d6418738308

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\build\source\datatype\wm\video\renderer\rel32\wmvrender.pdb

Imports

msvcr90

?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__clean_type_info_names_internal
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_decode_pointer
??3@YAXPAX@Z
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
memcpy
strncpy
isupper
_purecall
tolower
??2@YAPAXI@Z
_crt_debugger_hook
_putenv
_vsnprintf
strchr
??_U@YAPAXI@Z
??_V@YAXPAX@Z
atol
atoi
sprintf
strrchr
_stricmp

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
FreeLibrary
SetErrorMode
LoadLibraryA
QueryPerformanceFrequency
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedExchange
Sleep
InterlockedCompareExchange
GetProcAddress

advapi32

RegCloseKey

Exports

Exports

CanUnload2
RMACreateInstance
SetDLLAccessPath

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e59c04d08e12917002f04d6418738308

Headers

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

advapi32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.rmnet Size: 71KB - Virtual size: 72KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.rmnet
Size: 71KB - Virtual size: 72KB