b81aa5771f538c05c4ad194cfa28e50a_JaffaCakes118

General

Target

b81aa5771f538c05c4ad194cfa28e50a_JaffaCakes118
Size

212KB
MD5

b81aa5771f538c05c4ad194cfa28e50a
SHA1

99db087f0273a3598d6db0f2a2b4fe85c8d5bcdd
SHA256

4ecf7b650251b4b7731f73acedfeb3a72cdd9bc812391f6e810947ca8d3b6d29
SHA512

0049a729c8c3d82fd3e07a497c5abbbf00673c0239d1df367a3b2d3feee6ff0952e69cac361f71c31cba55b60df1ed65404c1ce04256408a9045b5a2b80e3367
SSDEEP

6144:S8qZOOkvyW2ggH+laecOWuLZ4e0V5wPperq5:S8qMhFLHTme0Epf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b81aa5771f538c05c4ad194cfa28e50a_JaffaCakes118

Files

b81aa5771f538c05c4ad194cfa28e50a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

350d179ed5163fa811b8730bb6e984f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom_core

?assign_from_qi@nsCOMPtr_base@@QAEXVnsQueryInterface@@ABUnsID@@@Z
??1nsCOMPtr_base@@QAE@XZ
?NS_NewGenericModule2@@YAIPBUnsModuleInfo@@PAPAVnsIModule@@@Z

kernel32

LoadLibraryA
GetProcAddress
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlushFileBuffers
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
TerminateProcess

msvcr80

fopen
fclose
_get_osfhandle
fflush
memset
fseek
ftell
fread
fwrite
memmove
_encode_pointer
ferror
_encoded_null
free
_fileno
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
_errno
strerror
strcpy
memcpy
strlen
memcmp
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
_malloc_crt
_decode_pointer

Exports

Exports

NSGetModule

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

350d179ed5163fa811b8730bb6e984f7

Headers

File Characteristics

Imports

xpcom_core

kernel32

msvcr80

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 8KB - Virtual size: 6KB