a7c3ac7cd679ee4e2972bfd15ccd5c4d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7c3ac7cd679ee4e2972bfd15ccd5c4d_JaffaCakes118
Size

212KB
MD5

a7c3ac7cd679ee4e2972bfd15ccd5c4d
SHA1

f98bc6c608175f11d9b2cee6e9ec30cddebb704a
SHA256

c6a1b20cf8ae7e2096bcf24c410b3eba1888d18cd5d3b6c3fba22e9e8ec25a75
SHA512

88be28ee639e5aea09fca50281ad1629de16bb907d78b1210b36298b70dac29df35d1a647d4b215b2db866af6ae2938cc5e7eba6cfd8d75b62e07ee42e2e78c4
SSDEEP

6144:r2rUx07LUvprXrsVfnD0K4COWebmZ9Z70:6rUO/Ux0VfD0fkn90

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7c3ac7cd679ee4e2972bfd15ccd5c4d_JaffaCakes118

Files

a7c3ac7cd679ee4e2972bfd15ccd5c4d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3e8f17d2cf6b866ba46890889e43a3b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\_build\out\client\CryScriptSystem.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
DebugBreak
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

user32

MessageBoxA

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

??0exception@std@@QAE@ABV01@@Z
memmove_s
_strlwr
__CxxFrameHandler3
fopen
fclose
fflush
fgets
ungetc
getc
fscanf
fseek
fprintf
fread
fwrite
feof
memcpy
fputs
__iob_func
isspace
strtoul
strchr
strcspn
getenv
longjmp
_setjmp3
_difftime64
_gmtime64
_localtime64
_mktime64
_time64
strerror
_errno
tmpfile
ftell
system
remove
rename
tmpnam
_CxxThrowException
strftime
setlocale
isalnum
isdigit
iscntrl
isalpha
_CIsin
vsprintf
_CItan
_CIasin
_CIacos
_CIatan
_CIatan2
ceil
floor
_CIfmod
_CIsqrt
_CIpow
_CIlog
_CIlog10
_CIexp
frexp
ldexp
rand
srand
strtod
strncpy
tolower
toupper
isxdigit
isupper
ispunct
islower
memchr
strpbrk
strcoll
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
free
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_crt_debugger_hook
sprintf
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
vsprintf_s
memset
_purecall
_CIcos
exit
clock
_stricmp

Exports

Exports

CreateScriptSystem

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3e8f17d2cf6b866ba46890889e43a3b9

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 428B

.reloc Size: 8KB - Virtual size: 5KB

.rmnet Size: 52KB - Virtual size: 52KB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 428B

.reloc
Size: 8KB - Virtual size: 5KB

.rmnet
Size: 52KB - Virtual size: 52KB