b9d1fd2f34d44cbe67e45b1572217007_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b9d1fd2f34d44cbe67e45b1572217007_JaffaCakes118
Size

108KB
MD5

b9d1fd2f34d44cbe67e45b1572217007
SHA1

434b64642181e6cad1a5697ff0de4bf03a2b2fb7
SHA256

de65e8f0a71667087d71e3ca5f9028ebd232759f5afddc406f29ddd4ee980958
SHA512

2cf0573e27166736761997dbc6d9ba42a5f2e0bcb237a44cb9650bdfe520e615a2339bdec5eab1bb4e0d5efeec67f4b70cde67684df853e35e99d1807418f07f
SSDEEP

1536:mXtKbb8hZMvO6burMC2SU6I5tIrsnqMCAHSkJX2O8uLtp+tcMcBRk:KScZMW6buJjI5EM/yO8qtp+tcMy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9d1fd2f34d44cbe67e45b1572217007_JaffaCakes118

Files

b9d1fd2f34d44cbe67e45b1572217007_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d268e8749249cc0a4b090ccdc61d0d9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\프로젝트\방어모듈\guardian\release\gartenc.pdb

Imports

psapi

EnumProcessModules
GetModuleFileNameExA

kernel32

InterlockedExchange
DeleteFileW
DeleteFileA
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
DuplicateHandle
GetCurrentProcess
FreeLibrary
GetProcAddress
VirtualQuery
SetLastError
GetModuleHandleA
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
GetLastError
GetCurrentThread
LoadLibraryW
FindResourceExA
GetModuleFileNameA
FindResourceA
SizeofResource
LockResource
CloseHandle
LoadResource
RtlUnwind
GetSystemTimeAsFileTime
GetStringTypeW
GetStringTypeA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineA
VirtualFree
HeapCreate
ExitProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
UnregisterClassA

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegSetValueExW
RegEnumKeyExA
RegCloseKey
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegCreateKeyW
RegOpenKeyExW
RegSetValueExA
RegDeleteKeyW

shell32

SHGetSpecialFolderPathA

Exports

Exports

InstallHook
UninstallHook

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SPAWNIN
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d268e8749249cc0a4b090ccdc61d0d9e

Headers

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 4.0MB

.SPAWNIN Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 4.0MB

.SPAWNIN
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 20KB - Virtual size: 18KB