PDB path: Q:\Development\Sajuuk-Wtw\.output\libZlib.pdb
Static task
static1
Behavioral task
behavioral1
Sample
b51f4b65249a30e68643d93c6f619c46_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
b51f4b65249a30e68643d93c6f619c46_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
b51f4b65249a30e68643d93c6f619c46_JaffaCakes118
-
Size
77KB
-
MD5
b51f4b65249a30e68643d93c6f619c46
-
SHA1
1f0e031787d61ea9387f843f125311ff4fcbe70f
-
SHA256
63503978c4024dc294111be77161d6c1c4b708f79dbd0c654e7a6e2460f93d7f
-
SHA512
8ab2d8bbe94c1c1b3c4ea9370c19f2a0d9c228470cd164fadf5d5582255e5a6ede04aa0ed6b698f12d2669908423819294450ffa45449a82f3a14061796d2255
-
SSDEEP
1536:FaqqU0+O/Otbp2HDeWPf35JIfoFkWZHraDIOlIOPnToIfax9h:Fam+SWPP57Fk6HralvfTBfa
Malware Config
Signatures
-
Unsigned PE 1 IoCs
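Checks for a missing Authenticode signature. An unsigned PE is a weak indicator on its own, since many legitimate library builds ship unsigned; weigh it together with the imports, exports and behavioral task results.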
resource b51f4b65249a30e68643d93c6f619c46_JaffaCakes118
Files
-
b51f4b65249a30e68643d93c6f619c46_JaffaCakes118.dll windows:5 windows x86 arch:x86
99e03b466938885e8439c1cddca8d9dc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
CreateFileA
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetLastError
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
msvcr90
_time64
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
srand
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
rand
malloc
free
fclose
fwrite
ferror
fread
fopen
_fseeki64
_ftelli64
_initterm
memset
memcpy
Exports
Exports
adler32
adler32_combine
adler32_combine64
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
deflate
deflateBound
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflatePrime
deflateReset
deflateSetDictionary
deflateSetHeader
deflateTune
fill_win32_filefunc
fill_win32_filefunc64
fill_win32_filefunc64A
fill_win32_filefunc64W
get_crc_table
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCopy
inflateEnd
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetCurrentFileInfo64
unzGetCurrentFileZStreamPos64
unzGetFilePos
unzGetFilePos64
unzGetGlobalComment
unzGetGlobalInfo
unzGetGlobalInfo64
unzGetLocalExtrafield
unzGoToFilePos
unzGoToFilePos64
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpen2_64
unzOpen64
unzOpenCurrentFile
unzOpenCurrentFile2
unzOpenCurrentFile3
unzOpenCurrentFilePassword
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
unztell64
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipCloseFileInZipRaw64
zipOpen
zipOpen2
zipOpen2_64
zipOpen64
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipOpenNewFileInZip2_64
zipOpenNewFileInZip3
zipOpenNewFileInZip3_64
zipOpenNewFileInZip4_64
zipOpenNewFileInZip64
zipWriteInFileInZip
zlibCompileFlags
zlibVersion
Sections
.text Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ