c:\Users\Nathan Wells\Desktop\removals-src\Source\Release\SavagePrawnBot.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: a477ade6ee057af9a3aa6c5af76ee421_JaffaCakes118.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: a477ade6ee057af9a3aa6c5af76ee421_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: a477ade6ee057af9a3aa6c5af76ee421_JaffaCakes118
Size: 284KB
MD5: a477ade6ee057af9a3aa6c5af76ee421
SHA1: a39a3dfe3398a9bb113ce04cd6e1ad96f85de7ac
SHA256: d70a4c946bb3df799ce8ad8248bf49a60f47b75fa4baef2c794e4055469f0186
SHA512: cf9a7e034e0bed95848e778aae723d4933001ccc7aedb6237ef060f21e494fbc688f18b974c3809a8b5caa584343627dea98b1aaceca0e4b811af3bcf726a937
SSDEEP: 3072:1uYxYBNyyNYrcRUyl//2mGRNnZm0Vsf5QD4r9dtUbOCorgakVbg01eYl4LAg0Fu+:1devZNLBXjGRq1w42gh01eY6AOgb19a
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: a477ade6ee057af9a3aa6c5af76ee421_JaffaCakes118
Files
a477ade6ee057af9a3aa6c5af76ee421_JaffaCakes118.dll  windows:4 windows x86 arch:x86
0deaecac7d1b4fbe386d55a9c1820733
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
VirtualProtect
GetProcAddress
Sleep
GetModuleHandleA
CreateThread
ExitProcess
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
GetTickCount
IsBadReadPtr
VirtualQuery
HeapAlloc
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
ReadFile
SetEndOfFile
GetCurrentProcessId
QueryPerformanceCounter
GetSystemInfo
VirtualAlloc
LoadLibraryA
GetOEMCP
GetACP
IsBadCodePtr
IsBadWritePtr
SetUnhandledExceptionFilter
SetFilePointer
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetLastError
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
DeleteCriticalSection
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
WriteFile
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
RaiseException
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers
InterlockedExchange
CreateFileA
user32
GetAsyncKeyState
FindWindowA
wsprintfA
tier0
Msg
g_VProfCurrentProfile
?GetSubNode@CVProfNode@@QAEPAV1@PBDH0H@Z
?ExitScope@CVProfNode@@QAE_NXZ
Error
g_pMemAlloc
GetCPUInformation
?EnterScope@CVProfNode@@QAEXXZ
vstdlib
Q_snprintf
KeyValuesSystem
Q_strnicmp
Q_strncpy
Sections
.text Size: 204KB - Virtual size: 200KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 252KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ