d50de1191476124dec516ce5263234ea_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d50de1191476124dec516ce5263234ea_JaffaCakes118
Size

182KB
MD5

d50de1191476124dec516ce5263234ea
SHA1

13f812c3c25204060eb6c19b286146ccd6feec40
SHA256

1c6894abccc8c73d2fe3bf5f2365bfd35c870b3d1cf637fc7419ed19243fc226
SHA512

9d45ec1237094f6c488060d5e03150653b46fc7aab13982f44f7577410741ba2cbdf5e8f34e69c10e3ffca8b35c693c178138a529ca043ce3e271f4ff86c1eec
SSDEEP

3072:hQjb0HDfjETQV41qcPD/R8th3xV5F39cCLTT/X8A/ylBEA5krri70xXiNpvO4B5d:hcb0D4s41qcb8hn5h9c0M3yxkvt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d50de1191476124dec516ce5263234ea_JaffaCakes118

Files

d50de1191476124dec516ce5263234ea_JaffaCakes118
.dll windows:6 windows x86 arch:x86

e1c46633b02377e8acff838b21272441

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fltLib.pdb

Imports

msvcrt

memcpy
_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
wcscpy_s
wcscat_s

ntdll

NtDeviceIoControlFile
NtWaitForSingleObject
RtlAllocateHeap
RtlInitUnicodeString
NtCreateFile
RtlFreeHeap
RtlNtStatusToDosError
DbgPrint
NtFsControlFile

kernel32

Sleep
InterlockedExchange
CreateFileW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW
CloseHandle
DisableThreadLibraryCalls
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange

Exports

Exports

FilterAttach
FilterAttachAtAltitude
FilterClose
FilterConnectCommunicationPort
FilterCreate
FilterDetach
FilterFindClose
FilterFindFirst
FilterFindNext
FilterGetDosName
FilterGetInformation
FilterGetMessage
FilterInstanceClose
FilterInstanceCreate
FilterInstanceFindClose
FilterInstanceFindFirst
FilterInstanceFindNext
FilterInstanceGetInformation
FilterLoad
FilterReplyMessage
FilterSendMessage
FilterUnload
FilterVolumeClose
FilterVolumeFindClose
FilterVolumeFindFirst
FilterVolumeFindNext
FilterVolumeInstanceFindClose
FilterVolumeInstanceFindFirst
FilterVolumeInstanceFindNext

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1c46633b02377e8acff838b21272441

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 168KB - Virtual size: 168KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 596B

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 596B