be6c40f3371d2acf04fc08eb98f9df06_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be6c40f3371d2acf04fc08eb98f9df06_JaffaCakes118
Size

452KB
MD5

be6c40f3371d2acf04fc08eb98f9df06
SHA1

3c564297078349c2e7d344c86f5422ac4bf007d1
SHA256

4c9357fdec67c8886b7761fff8817063a9c0848474d58af45476c40d83c31bc2
SHA512

baca1faf07aafeb2ac344a4f8905eb45aa473a00b9c9a419f59aad0b4177c5e9c710d04aae3e1c9b1136f8ed64f9272cf46224c1639cf2df2afb697118ddcf86
SSDEEP

12288:+Kp/XsNpXechoq/367f8OnX+81nA+YX8h:+0kNpXechoq/q7UOnXpC+YE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be6c40f3371d2acf04fc08eb98f9df06_JaffaCakes118

Files

be6c40f3371d2acf04fc08eb98f9df06_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a002a552ce855145a897465aecd28498

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
lstrcpyA
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
Sleep
InterlockedDecrement
InterlockedIncrement
lstrcmpA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
VirtualAlloc
HeapFree
HeapAlloc
WriteFile
WideCharToMultiByte
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
MultiByteToWideChar
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
GetVersion
GetTempPathA
GetCurrentThreadId
GetCurrentThread
GetModuleHandleA
RtlUnwind
GetCommandLineA
ExitProcess
TerminateProcess

ltr13n

ord222
ord292
ord294
ord293
ord284
ord175
ord183
ord174
ord179
ord134
ord101
ord312
ord285
ord116
ord125
ord137
ord308
ord100
ord221
ord129
ord141
ord310
ord109
ord282
ord283
ord97
ord327
ord98
ord181
ord182
ord185
ord184
ord176
ord99

user32

DefWindowProcA
RegisterHotKey
CreateWindowExA
IsWindow
UnregisterHotKey
DestroyWindow
UnregisterClassA
RegisterClassA

Exports

Exports

DllMain
fltComment
fltCompressBuffer
fltDeletePage
fltEndCompressBuffer
fltGetExtension
fltGetStamp
fltGetTag
fltInfo
fltLoad
fltLoadBuffer
fltSave
fltSaveBuffer
fltSetComment
fltSetStamp
fltSetTag
fltStartCompressBuffer
fltTransform

Sections

.text
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a002a552ce855145a897465aecd28498

Headers

File Characteristics

Imports

kernel32

ltr13n

user32

Exports

Exports

Sections

.text Size: 290KB - Virtual size: 290KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 91KB - Virtual size: 92KB

.idata Size: 2KB - Virtual size: 1KB

.data1 Size: 57KB - Virtual size: 56KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 290KB - Virtual size: 290KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 91KB - Virtual size: 92KB

.idata
Size: 2KB - Virtual size: 1KB

.data1
Size: 57KB - Virtual size: 56KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB