a16df7c6b25beadd7d58ba9184ae6d19_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a16df7c6b25beadd7d58ba9184ae6d19_JaffaCakes118
Size

17KB
MD5

a16df7c6b25beadd7d58ba9184ae6d19
SHA1

55bbb903c963bef5ae78f14fcd39ea6c444daa4c
SHA256

1540f850054e047b3640f3376fad49cadede6cd5e42aa04e5d2da163a0a79ae3
SHA512

ba46dd35e35fb72187ba338c2bd8ca3ddbeaad67cd0722a9bdda565628e08a909bb82618f839473dd0ed6d7e847ea9cf8e2dd0e3cd8ea6dda9f6f46e7069dc93
SSDEEP

384:a07XhUb4z4BEgnYJ+YJphUkV2/iX8CgjQbXazn:5CMo++YJHUkYqMCI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a16df7c6b25beadd7d58ba9184ae6d19_JaffaCakes118

Files

a16df7c6b25beadd7d58ba9184ae6d19_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7d12d424c3bb1c9ad3cf7c9a75d4e055

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt-ruby191

rb_ary_new
rb_ary_new2
rb_ary_new4
rb_ary_pop
rb_ary_store
rb_block_call
rb_cFalseClass
rb_cFixnum
rb_cNilClass
rb_cObject
rb_cSymbol
rb_cTrueClass
rb_catch
rb_check_type
rb_class2name
rb_const_defined
rb_const_get
rb_const_get_at
rb_data_object_alloc
rb_define_class_under
rb_define_const
rb_define_module
rb_define_private_method
rb_eArgError
rb_eRuntimeError
rb_eTypeError
rb_funcall
rb_gc_mark
rb_hash_aref
rb_id2name
rb_int2big
rb_intern2
rb_iter_break
rb_iv_set
rb_ivar_get
rb_ivar_set
rb_num2long
rb_raise
rb_str_new
ruby_xmalloc
rb_eTypeError
rb_eTypeError
rb_eTypeError
rb_eArgError
rb_eArgError
rb_eArgError
rb_eArgError
rb_cFixnum
rb_cSymbol
rb_cFalseClass
rb_cTrueClass
rb_cNilClass
rb_cObject
rb_cObject
rb_cObject
rb_cObject
rb_eRuntimeError

kernel32

AddAtomA
FindAtomA
GetAtomNameA
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
_assert
_errno
_iob
abort
fflush
free
fwrite
malloc
memcpy
memset
vfprintf

Exports

Exports

Init_cparse

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 628B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d12d424c3bb1c9ad3cf7c9a75d4e055

Headers

File Characteristics

Imports

msvcrt-ruby191

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 628B

.edata Size: 512B - Virtual size: 72B

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 564B

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 628B

.edata
Size: 512B - Virtual size: 72B

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 564B