ac2000ef6fe458b0beadcb49102e59eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ac2000ef6fe458b0beadcb49102e59eb_JaffaCakes118
Size

303KB
MD5

ac2000ef6fe458b0beadcb49102e59eb
SHA1

720de28e9680d64dd951c84f63c888d15c5e81d4
SHA256

81a143ebfc794a117ca7c1697f2dda0a48c1bd570d38148faa506dff24464951
SHA512

b43a543d5910d2703a58c2f4d1ad8ea3468ae7c72b672becd1c3bbaeb43fdc9ce6957e6a66dc9eee0b17f4d7d8990880efdcf9c2f328a71e0270675f1b76df75
SSDEEP

6144:UdJtVdF6b2p+aCs4aiZit+g0QPekyswLCwuSr08hKZFXZoMq3g:UdJbd7ZCsGZih0igTx9nXMOg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac2000ef6fe458b0beadcb49102e59eb_JaffaCakes118

Files

ac2000ef6fe458b0beadcb49102e59eb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f2688148983e16ff485fdab178572f7f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
OutputDebugStringA
FlushFileBuffers
CloseHandle
lstrlenA
ReadFile
SetStdHandle
LCMapStringW
LCMapStringA
FreeEnvironmentStringsW
GetStringTypeW
FreeEnvironmentStringsA
WideCharToMultiByte
GetModuleHandleA
GetStringTypeA
GetVersion
GetCommandLineA
GetProcAddress
VirtualAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
lstrcpyA
GetModuleFileNameA
RaiseException
SetFilePointer
GetLastError
HeapAlloc
HeapFree
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
LoadLibraryA

user32

SetRect
GetDC
ReleaseDC

gdi32

CreateCompatibleDC
DeleteDC
DeleteObject
RealizePalette
CreateDIBitmap
SelectPalette

ltkrn13n

ord108
ord151
ord192
ord116
ord137
ord282
ord284
ord196
ord189
ord188
ord134
ord101
ord117
ord120
ord125
ord123
ord129
ord122
ord100
ord191
ord141
ord190
ord283

lvkrn13n

ord122
ord1217
ord1228
ord1229
ord119
ord2400
ord2401
ord2402
ord302
ord206
ord400
ord2300
ord1218
ord1200
ord2110
ord1201
ord2003
ord2000
ord2005
ord2101
ord2001
ord1111
ord1100
ord1110
ord1227
ord2403
ord101
ord100
ord107

ltimg13n

ord168

Exports

Exports

DllMain
fltFreeData
fltInfo
fltLoad
fltSave

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 206KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f2688148983e16ff485fdab178572f7f

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ltkrn13n

lvkrn13n

ltimg13n

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 13KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text Size: 206KB - Virtual size: 208KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 13KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 206KB - Virtual size: 208KB