d1527552a5378238de6dc87178cb925f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d1527552a5378238de6dc87178cb925f_JaffaCakes118
Size

218KB
MD5

d1527552a5378238de6dc87178cb925f
SHA1

504188ee76a07f865f0392abcb8ea69efefbe756
SHA256

72e174d762c74f64a2fa2a239dbc9f8fb920c73a263682f822e28f66f5cc5101
SHA512

78216b90583a20cea93358eb6f28b2b096360ce4479aa5a1a20e063371c24e6adba4b59c85a8e38f3ec1e5f40d73e7fc787eb45cd75ce4d5a26df44a7cb5d158
SSDEEP

6144:zTvOqwBBjuvm/ejWKYzYd2nBII092pqiVOte3b23OwdHYORf6+89:z7OqwBBjuvjjWKYzYd2yxiGOILRf6+89

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1527552a5378238de6dc87178cb925f_JaffaCakes118

Files

d1527552a5378238de6dc87178cb925f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

0699692f9b26eb8273029039297d358b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\build\source\datatype\text\realtext\renderer\rel32\rtrender.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
InterlockedCompareExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedExchange
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
IsDebuggerPresent
MulDiv

user32

CharNextA
GetSystemMetrics
GetDC
ReleaseDC
SetCursor
GetCursor
LoadCursorA
DrawTextA

gdi32

DeleteDC
GetDeviceCaps
CreateDIBSection
SetGraphicsMode
GetBkMode
SetBkColor
SetBkMode
CreateFontA
GetObjectA
DeleteObject
SelectObject
SetTextColor
GetTextExtentPoint32A
TextOutA
CreateCompatibleDC

msvcr90

_strnicmp
strrchr
strncpy
??_V@YAXPAX@Z
memset
strstr
strchr
atoi
strncmp
??_U@YAPAXI@Z
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
_vsnprintf
_stricmp
tolower
memmove
strtoul
isdigit
atol
isspace
isxdigit
toupper
isalpha
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_except_handler4_common
sprintf

Exports

Exports

CanUnload
RMACreateInstance

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0699692f9b26eb8273029039297d358b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msvcr90

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 5KB - Virtual size: 5KB

.text Size: 108KB - Virtual size: 112KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 108KB - Virtual size: 112KB