a76e28e888757c6aa681a65536427469_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a76e28e888757c6aa681a65536427469_JaffaCakes118
Size

240KB
MD5

a76e28e888757c6aa681a65536427469
SHA1

5bcc36f25a57907eb3f92735ad4d26193f61707b
SHA256

f9c0a43db770795566edc984d0a4279b8c4a93b3b8e6e8214e91a1f5f5d00381
SHA512

311a16e6bf2ac4936fc5141d2227f612d8708ee3b7d462844fe87056b881fd6e241dc3ffac4480886448309dc6525493a27fccc0dabfb39cc4d0d8df5e290cc7
SSDEEP

6144:8PQwEqnoXJD8YOAcGDxFcfsujf1CmxHzsN+lA:8aDn3cEGHT2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a76e28e888757c6aa681a65536427469_JaffaCakes118

Files

a76e28e888757c6aa681a65536427469_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6dfa5aedcb827a1c49993b5e76b1ea37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MFCM80.i386.pdb

Imports

msvcr80

_onexit
_lock
__dllonexit
_unlock
??_V@YAXPAX@Z
_cexit
__FrameUnwindFilter
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_except_handler4_common
??2@YAPAXI@Z
__CxxFrameHandler3
free
??3@YAXPAX@Z
_purecall

kernel32

GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange

user32

PostMessageA
SendMessageA
GetClientRect
CopyRect
GetWindow
SetWindowPos

mfc80

ord1090
ord1091
ord4181
ord4980
ord1599
ord4591
ord6717
ord4273
ord6706
ord1903
ord5174
ord5214
ord3694
ord1982
ord6713
ord2058
ord6719
ord3114
ord3399
ord876
ord578
ord1299
ord783
ord576
ord1185
ord5947
ord3169
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2942
ord2533
ord2646
ord2540
ord2849
ord2714
ord4307
ord2835
ord2731
ord2537
ord1613
ord1612
ord1950
ord3909
ord3906
ord686
ord5571
ord2718
ord4114
ord4117
ord6066
ord3759
ord2653
ord5802
ord4124
ord6064
ord6089
ord3988
ord2163
ord5831
ord5832
ord2146
ord1312
ord1320
ord5315
ord1727
ord3682
ord371
ord1175
ord1098
ord1084
ord454
ord3591
ord5201
ord274
ord5944
ord3085

msvcm80

?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z

mscoree

_CorDllMain

Exports

Exports

MFCM80ReleaseManagedReferences

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dfa5aedcb827a1c49993b5e76b1ea37

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr80

kernel32

user32

mfc80

msvcm80

mscoree

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.data Size: 176KB - Virtual size: 179KB

.rsrc Size: 4KB - Virtual size: 992B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 51KB

.data
Size: 176KB - Virtual size: 179KB

.rsrc
Size: 4KB - Virtual size: 992B

.reloc
Size: 4KB - Virtual size: 1KB