db281f425ade28319f57fc7a2323be14_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

db281f425ade28319f57fc7a2323be14_JaffaCakes118
Size

2.3MB
MD5

db281f425ade28319f57fc7a2323be14
SHA1

ed1ed4e6521bb8aac002fe771588931eb323238d
SHA256

d08c0760817ddec75ece265c58879a9b12bfe36cca964318a9541e2961791fde
SHA512

1af75b71c36ec1973d25ef3a7641304cd94482dabd6d1498aa3e81118e1ac33cce40660b60a024fa548081e2f8263fe15b0b4ffbf0dfea3a6a699b61d24225f4
SSDEEP

49152:9IP43CyoArQia3Tx7mmLiUgBrFmk6VdkjNo14F2WMjCTejJL43HzxiS:nJ8iajx7mmLizrl6LX1C2/jWS4DxiS

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tilib68/win/tilib.exe
unpack001/tilib68/win/tilib64.exe

Files

db281f425ade28319f57fc7a2323be14_JaffaCakes118
.zip
tilib68/bcc32.cfg
tilib68/gcc.cfg
tilib68/linux/tilib
.elf linux x86
tilib68/linux/tilib64
.elf linux x86
tilib68/mac/tilib
.macho macos arch:x86
tilib68/mac/tilib64
.macho macos arch:x86
tilib68/readme.txt
.vbs
tilib68/vc32.cfg
tilib68/vc64.cfg
tilib68/win/tilib.exe
.exe windows:5 windows x86 arch:x86

67654033259549999b7c2c930f56b2b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tilib.pdb

Imports

oleaut32

VariantInit
VariantChangeType
VariantClear
SysFreeString

ole32

CoInitialize
CoUninitialize
CoCreateInstance

kernel32

GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetEnvironmentVariableA
CompareStringA
CompareStringW
HeapFree
CloseHandle
CreateFileW
ReadFile
SetFilePointerEx
FreeLibrary
GetProcAddress
LoadLibraryA
GetTempPathA
GetLastError
GetEnvironmentVariableA
GetModuleHandleA
SearchPathA
ExitProcess
IsDebuggerPresent
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
FormatMessageA
GetModuleFileNameA
GetFullPathNameA
GetFileAttributesA
WideCharToMultiByte
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
TerminateProcess
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetStdHandle
GetEnvironmentStrings
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
RaiseException
GetModuleHandleW
GetCommandLineA
HeapAlloc
HeapReAlloc
GetTimeFormatA
GetDateFormatA
DuplicateHandle
GetCurrentProcess
GetDriveTypeA
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
CreateDirectoryA
SetEndOfFile
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
HeapSize
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
VirtualAlloc
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
GetCurrentDirectoryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Sections

.text
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tilib68/win/tilib64.exe
.exe windows:5 windows x86 arch:x86

67654033259549999b7c2c930f56b2b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tilib64.pdb

Imports

oleaut32

VariantInit
VariantChangeType
VariantClear
SysFreeString

ole32

CoInitialize
CoUninitialize
CoCreateInstance

kernel32

GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetEnvironmentVariableA
CompareStringA
CompareStringW
HeapFree
CloseHandle
CreateFileW
ReadFile
SetFilePointerEx
FreeLibrary
GetProcAddress
LoadLibraryA
GetTempPathA
GetLastError
GetEnvironmentVariableA
GetModuleHandleA
SearchPathA
ExitProcess
IsDebuggerPresent
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
FormatMessageA
GetModuleFileNameA
GetFullPathNameA
GetFileAttributesA
WideCharToMultiByte
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
TerminateProcess
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetStdHandle
GetEnvironmentStrings
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
RaiseException
GetModuleHandleW
GetCommandLineA
HeapAlloc
HeapReAlloc
GetTimeFormatA
GetDateFormatA
DuplicateHandle
GetCurrentProcess
GetDriveTypeA
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
CreateDirectoryA
SetEndOfFile
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
LCMapStringW
HeapSize
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GetTickCount
GetCurrentProcessId
VirtualAlloc
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
GetCurrentDirectoryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Sections

.text
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67654033259549999b7c2c930f56b2b4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

ole32

kernel32

Sections

.text Size: 544KB - Virtual size: 543KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 6KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 101B

.reloc Size: 36KB - Virtual size: 36KB

67654033259549999b7c2c930f56b2b4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

ole32

kernel32

Sections

.text Size: 548KB - Virtual size: 547KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 6KB - Virtual size: 20KB

.tls Size: 512B - Virtual size: 101B

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 544KB - Virtual size: 543KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 6KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 101B

.reloc
Size: 36KB - Virtual size: 36KB

.text
Size: 548KB - Virtual size: 547KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 6KB - Virtual size: 20KB

.tls
Size: 512B - Virtual size: 101B

.reloc
Size: 36KB - Virtual size: 36KB