b7f73cbd88d2992ac1d652bda1dbc906_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b7f73cbd88d2992ac1d652bda1dbc906_JaffaCakes118
Size

67KB
MD5

b7f73cbd88d2992ac1d652bda1dbc906
SHA1

c92959e9e59e2715c4323c4950be5ddc3b0a0d54
SHA256

04386f9360e2f1956e6d19e8f2b8bf1ddc1b7b1a27e454e18b2dd52d85327fb7
SHA512

0c9232dd1bafc1473f567398a4433cb1dadcd4d2eefe6ffb86e54279b9eab82db9274cccc312008436cc693224b17b5d431c06676d295af30edf2dd3782c0904
SSDEEP

1536:KAhwlHAI81nDF4frXMP98fov/FadHII9gtS:KAhwljU4DXMPoov9adHII9MS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7f73cbd88d2992ac1d652bda1dbc906_JaffaCakes118

Files

b7f73cbd88d2992ac1d652bda1dbc906_JaffaCakes118
.dll windows:6 windows x64 arch:x64

ecc648a3836e09e386135004e520c8fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

B:\matlab\bin\win64\generate_diag_message.pdb

Imports

libut

?get_fullname@LoadLibraryExceptionBase@@QEBA?AV?$basic_string@_SU?$char_traits@_S@std@@V?$allocator@_S@2@@std@@XZ

libmwi18n

?get_message@MessageCatalog@i18n@fl@@SA?AV?$basic_string@_SU?$char_traits@_S@std@@V?$allocator@_S@2@@std@@AEBVBaseMsgID@resource_core@@AEBVMwLocale@23@@Z
?global@MwLocale@i18n@fl@@SAAEBV123@XZ
?to_ustring@i18n@fl@@YA?AV?$basic_string@_SU?$char_traits@_S@std@@V?$allocator@_S@2@@std@@PEBD@Z

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

__std_type_info_destroy_list
__current_exception_context
__std_exception_destroy
__current_exception
__std_exception_copy
memmove
_CxxThrowException
memset
__C_specific_handler
__std_terminate
memcpy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

terminate
_cexit
_initterm
_initterm_e
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_crt_at_quick_exit

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

kernel32

GetModuleHandleW
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter

Exports

Exports

?generateDiagnosticMsg@@YA?AV?$basic_string@_SU?$char_traits@_S@std@@V?$allocator@_S@2@@std@@AEBVLoadLibraryExceptionBase@@@Z

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ecc648a3836e09e386135004e520c8fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libut

libmwi18n

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 680B

.pdata Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 76B

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 680B

.pdata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 76B