b031c48acfe43908a12bcfb4b4d71a3b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b031c48acfe43908a12bcfb4b4d71a3b_JaffaCakes118
Size

857KB
MD5

b031c48acfe43908a12bcfb4b4d71a3b
SHA1

b09beb715c411c2f7a880aebdb9be2fe3960554b
SHA256

ee89b658d31da4b628b405499bda69bdfc702862eb57089773a38e3b0efd0e22
SHA512

a5447e55230fd82c6b648677c81b05e01e3c538b7ad99c0d473ed498cc571918b2714f7c3c103d98b08d240ef269361baeebfbdba4e48e24f4761616a0c6cd2b
SSDEEP

24576:6q0oIdPKVQOEGkdIXwqDb2YGbjwRXFBFYM0o:KAVQLGWiwq+CRXFBF4o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b031c48acfe43908a12bcfb4b4d71a3b_JaffaCakes118

Files

b031c48acfe43908a12bcfb4b4d71a3b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f6779486c64c87ccff7fd19fe4cec635

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

linkinfo

CompareLinkInfoVolumes
GetCanonicalPathInfoW
CreateLinkInfoW
DestroyLinkInfo
ResolveLinkInfoA
CreateLinkInfo
CreateLinkInfoA
CompareLinkInfoReferents
ResolveLinkInfoW
IsValidLinkInfo
GetCanonicalPathInfo
GetCanonicalPathInfoA
DisconnectLinkInfo
ResolveLinkInfo
GetLinkInfoData

kernel32

IsValidCodePage
VirtualAlloc
AddConsoleAliasA
GetTapeStatus
BuildCommDCBW
GlobalLock
MoveFileWithProgressA
UpdateResourceA
SetConsoleOutputCP
SetProcessAffinityMask
GetProfileIntA
CreateWaitableTimerA
TransmitCommChar
GlobalAddAtomA
SleepEx
EnumerateLocalComputerNamesA
lstrcatW
AddLocalAlternateComputerNameA
SetConsoleDisplayMode
GetTickCount
EnumCalendarInfoExA
TlsFree
AllocateUserPhysicalPages
FreeLibrary
EnumResourceTypesA
MulDiv
FormatMessageW
FindResourceA
TerminateThread
FindAtomW
GetConsoleAliasW
MapViewOfFile
EnumLanguageGroupLocalesW
GetFileAttributesA
WriteConsoleInputVDMA
GetConsoleNlsMode
FindNextVolumeW
RtlUnwind
SetVolumeLabelA
GetCommTimeouts
CompareStringA
lstrcmp
ConsoleMenuControl
EnumSystemLocalesA
GetConsoleKeyboardLayoutNameW
LoadLibraryA
IsSystemResumeAutomatic
SetThreadUILanguage
SetNamedPipeHandleState
VirtualUnlock

msdart

?sm_dblDfltSpinAdjFctr@CSpinLock@@1NA
?_LockSpin@CReaderWriterLock2@@AAEX_N@Z
?_Unlock@CSpinLock@@AAEXXZ
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
mpRealloc
?InsertHead@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
??0CFakeLock@@QAE@XZ
?GetDefaultSpinCount@CFakeLock@@SGGXZ
SetMemHook
?ReadLock@CReaderWriterLock3@@QAEXXZ
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?SetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGXN@Z
?ConvertExclusiveToShared@CSmallSpinLock@@QAEXXZ
?_WriteLockSpin@CReaderWriterLock3@@AAEXXZ
?sm_wDefaultSpinCount@CSpinLock@@1GA

d3dim700

SetLOD
DestroyTexture
D3DMalloc
CreateTexture
D3DFree
FlushD3DDevices
Direct3DCreate
Direct3DCreateDevice
GetLOD
GetPriority
SetPriority
PaletteAssociateNotify
PaletteUpdateNotify
D3DRealloc
SurfaceFlipNotify
D3DTextureUpdate

Sections

.text
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6779486c64c87ccff7fd19fe4cec635

Headers

DLL Characteristics

File Characteristics

Imports

linkinfo

kernel32

msdart

d3dim700

Sections

.text Size: 749KB - Virtual size: 748KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 4KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 749KB - Virtual size: 748KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 4KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB