dc15782abf301945a3356407700531c9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dc15782abf301945a3356407700531c9_JaffaCakes118
Size

186KB
MD5

dc15782abf301945a3356407700531c9
SHA1

0a0c1453a70210cf165e507f45dc93070a4b87e1
SHA256

fe1e8d7ecf40f7ef4edd5c3f2fa704712fec1f5849de99fbac345377d300041f
SHA512

f49a5617446e0c8e6bc7a6fd8391a61be7eb6c42c11c81e95b2439ae91c8ef9c275ca4d4645c4385b1d4bac82919aa15253ca4282641e4a8118acfd00e5c1fc6
SSDEEP

3072:0OQp4hDxQDShqmO2e51vFcJBKUgCRvZg0k7JFX5:0N6x+SnO2ezGmataR7JF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc15782abf301945a3356407700531c9_JaffaCakes118

Files

dc15782abf301945a3356407700531c9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b8fba4717148c8bce84a8a2bb7707d26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
lstrcpyA
GlobalReAlloc
GlobalLock
GlobalAlloc
GlobalFree
GlobalHandle
WideCharToMultiByte
lstrlenA
CloseHandle
GetLocaleInfoW
GetStringTypeA
GetLastError
WriteFile
SetLastError
TlsFree
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsAlloc
GetModuleHandleA
GetProcAddress
GetVersion
ExitProcess
GetCommandLineA
GetStringTypeW
GetLocaleInfoA
FlushFileBuffers
SetStdHandle
ReadFile
LCMapStringW
LCMapStringA
LoadLibraryA
VirtualAlloc
SetFilePointer
HeapFree
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapAlloc
HeapDestroy
GetCurrentProcess
TerminateProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
FreeEnvironmentStringsA
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetStdHandle
GlobalUnlock
GetFileType
SetHandleCount
VirtualFree
HeapCreate

user32

SetRect

gdi32

GetNearestPaletteIndex
DeleteObject
RealizePalette
SelectPalette

ltkrn12n

ord196
ord190
ord188
ord192
ord134
ord189
ord163
ord123
ord101
ord117
ord100
ord120
ord122
ord125
ord129
ord141
ord191

lvkrn12n

ord2005
ord2403
ord1205
ord1206
ord1208
ord104
ord2402
ord1112
ord1109
ord1100
ord102
ord118
ord114
ord2300
ord100
ord122
ord101
ord2100
ord1218
ord2007
ord1200
ord1201
ord1223
ord2101
ord302
ord206
ord400
ord1111
ord1110
ord2001
ord2000
ord2009
ord1308
ord1309
ord1224
ord1105
ord1106
ord1107
ord1108
ord1311
ord1300
ord1216
ord2401
ord2400
ord1215

Exports

Exports

DllMain
fltInfo
fltLoad
fltSave

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8fba4717148c8bce84a8a2bb7707d26

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ltkrn12n

lvkrn12n

Exports

Exports

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 18KB

.idata Size: 58KB - Virtual size: 58KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 18KB

.idata
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB