d69cd32aafeb1d185bb09ace92175f89_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d69cd32aafeb1d185bb09ace92175f89_JaffaCakes118
Size

4.4MB
MD5

d69cd32aafeb1d185bb09ace92175f89
SHA1

d0939845ef358db59c40620879a137bf5e34b892
SHA256

69a7ea12f07aed453f454a337d898c3e2f3a164e87efeb711ed276fe70ce2825
SHA512

dce85e3da338bd58574709c001009cb10cc4426d61c6f15f271aa83ef40e644a5bf1274b8c20e2066b0ad83b589acc3f9e4f570d102f1935234cfe0f3395d5a1
SSDEEP

98304:cJ6LtJBU+L6EcZqqxWE53ZWvAp2Y/QZat9fkso3UGMd:qcWkvc/8Iee2Ye4msokGMd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d69cd32aafeb1d185bb09ace92175f89_JaffaCakes118

Files

d69cd32aafeb1d185bb09ace92175f89_JaffaCakes118
.dll windows:5 windows x64 arch:x64

77ae8c7ce11bc1246e24768a80503be8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
OutputDebugStringA
VirtualFree
VirtualAlloc
GetTempPathA
OpenProcess
SetLastError
VirtualAllocEx
CloseHandle
WriteProcessMemory
ResumeThread
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
RtlAddFunctionTable
VirtualProtect
GetCurrentThreadId
CreateRemoteThread
GetLastError
MultiByteToWideChar
WideCharToMultiByte
HeapReAlloc
FlsSetValue
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SetFilePointer
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
HeapSize
SetEndOfFile
ReadFile

Exports

Exports

ReflectiveLoader

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xzdata
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77ae8c7ce11bc1246e24768a80503be8

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 72KB - Virtual size: 80KB

.pdata Size: 3KB - Virtual size: 2KB

.xzdata Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 72KB - Virtual size: 80KB

.pdata
Size: 3KB - Virtual size: 2KB

.xzdata
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 4KB - Virtual size: 3KB