dc835ee9e3a949a6878efe8ebfa601bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dc835ee9e3a949a6878efe8ebfa601bc_JaffaCakes118
Size

208KB
MD5

dc835ee9e3a949a6878efe8ebfa601bc
SHA1

2ada950eade286dd07bf225c1860367ab53968e2
SHA256

8f7f17935c1772c28d20711ea57c9b33761137c92b2b21ca3dcd46019d15657c
SHA512

2918809d1ea3547a2b1255912ebad6a2968758f58f86cc1f8e96d62950125286cd529c5f8fa8623c44d5e67b22cee94a5c8792e3652f19dff678aac6b710fbb8
SSDEEP

3072:q6G3Xg4SEax+FquLuCNeC26WmUT8mi78O7Y9PNEoRlplUfVJMQpCnUx7sGbGc0f0:qUQkCnJUTHi78G+NEotlsVJTfOuF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc835ee9e3a949a6878efe8ebfa601bc_JaffaCakes118

Files

dc835ee9e3a949a6878efe8ebfa601bc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ed8ba223bafb100802d604f70d8b508c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
VirtualProtect
CreateThread
DisableThreadLibraryCalls
GetLocalTime
ReadProcessMemory
CloseHandle
Process32Next
OpenProcess
Process32First
CreateToolhelp32Snapshot
Sleep
SetEndOfFile
GetConsoleOutputCP
WriteConsoleA
ResumeThread
GetLastError
ExitThread
RaiseException
HeapValidate
IsBadReadPtr
CreateDirectoryA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetModuleFileNameW
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameA
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
MultiByteToWideChar
ReadFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
WriteFile
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
CreateFileA

user32

MessageBoxA
KillTimer
PeekMessageA
PostQuitMessage
wsprintfA
SetTimer

Exports

Exports

PumaExt

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed8ba223bafb100802d604f70d8b508c

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 16KB - Virtual size: 14KB