d0d6bb10f5beef91b4627ff70077797b_JaffaCakes118

General

Target

d0d6bb10f5beef91b4627ff70077797b_JaffaCakes118
Size

52KB
MD5

d0d6bb10f5beef91b4627ff70077797b
SHA1

7d96076495c70e3d12058a8f8e3cd578062ee587
SHA256

5719da695551f8dbd2997787ba414c5afbdb9f28bc39aa5c8ba8ebe554dbb787
SHA512

228aafd75ccf80f3179f69e5f4901a0fa82d829a95df5e38b6d10c0db0b0cc82db4909cda5d129cad80567938334d019ec0fd75fa7669cb6cb130adc80dde2c5
SSDEEP

768:2rHtCx+l4AWXcKtjNam8q9t/Ifr93xqPe+9nd6illhZa:2jtCxi4QKtj4m8upIh3xqPVAWlhZa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0d6bb10f5beef91b4627ff70077797b_JaffaCakes118

Files

d0d6bb10f5beef91b4627ff70077797b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e8360ccf4b4e20aa61b2c9611dcd1495

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Pubwin.net\Src\NetCafe Management\HintProt\Release\HintProt.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
VirtualQuery
VirtualProtect
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetModuleFileNameA
ExitProcess
RtlUnwind
GetCurrentThreadId
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InterlockedExchange
HeapFree
HeapAlloc
VirtualAlloc
GetSystemInfo
LCMapStringA
GetLastError
LCMapStringW
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetLocaleInfoA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
InitializeCriticalSection
HeapSize

advapi32

RegCreateKeyA
RegCreateKeyW
RegCreateKeyExA
RegCreateKeyExW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueA
RegQueryValueW
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8360ccf4b4e20aa61b2c9611dcd1495

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 3KB