b3d00110a7bd4693e2dd6ba5f5a59623_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b3d00110a7bd4693e2dd6ba5f5a59623_JaffaCakes118
Size

195KB
MD5

b3d00110a7bd4693e2dd6ba5f5a59623
SHA1

0493e2ceb57ff477276fea1ea817795fecc6dd97
SHA256

1a7cc8400302950f745ef5980d0047b1aacf52f9671d8b7f08d81b4765421738
SHA512

fc4a169a0ea384b683bb2d48420e08d286a891f895638711c6a2e612e97225c5f36b22b62ac211be95ac1c4a89f0a33256e15e6e85a89c64b605d7729e768913
SSDEEP

6144:oS4lggQ4BZrd6T0HTNNKjdJew9VTa4zwlL050bYpKcy:oHS2TNIjDn9YIwK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3d00110a7bd4693e2dd6ba5f5a59623_JaffaCakes118

Files

b3d00110a7bd4693e2dd6ba5f5a59623_JaffaCakes118
.dll windows:5 windows x64 arch:x64

e77a5fe458b7a76c0ed315404b343deb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
CloseHandle
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
ReadFile
GetStringTypeW
LCMapStringW
GetVersionExA
LoadLibraryA
GetLastError
GetCurrentThreadId
LocalAlloc
GlobalFree
GetProcAddress
GlobalAlloc
SetFilePointerEx
FreeLibrary
HeapFree
HeapAlloc
GetCommandLineA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
GetConsoleCP
GetConsoleMode
OutputDebugStringW
HeapReAlloc
HeapSize
CompareStringW
ReadConsoleW

user32

GetDesktopWindow
ReleaseDC
GetDC
GetSystemMetrics
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
OpenWindowStationA
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop

gdi32

StretchBlt
SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA

advapi32

RevertToSelf

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e77a5fe458b7a76c0ed315404b343deb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 7KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 7KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 1KB