f0394f22ec1aebe4fc58dabf8165b65d_JaffaCakes118

General

Target

f0394f22ec1aebe4fc58dabf8165b65d_JaffaCakes118
Size

556KB
MD5

f0394f22ec1aebe4fc58dabf8165b65d
SHA1

336c8ce70bc6684299ea79409935ac0bd8e6204f
SHA256

0c569c72443dc1e6f17f5a137abd6443d7523a56da69581a29a10c2c869a5b04
SHA512

26b434e68ae2703d3005b82732983648f8b38cb2cfd865cee099e97bc4c5b0cb918f88e76d2a70204bb780bb9048901d436c76011f73465585394d4283e25f25
SSDEEP

12288:SQoaC6oaC4kLyb/q0sGqV7xZy+X4BOoZbTbKh64YSYf1UcRjDr+TLqF9lscGQKcB:SGkLyb/q0sGqV7xZyJOoZbTbKh6PSYfP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0394f22ec1aebe4fc58dabf8165b65d_JaffaCakes118

Files

f0394f22ec1aebe4fc58dabf8165b65d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e61206a07e984b059cd47d3af6024fb4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
GetProcAddress
GetModuleHandleA
GetLastError
CloseHandle
EnterCriticalSection
LeaveCriticalSection
WriteFile
TlsFree
SetLastError
TlsGetValue
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
MultiByteToWideChar
VirtualProtect
GetSystemInfo
VirtualQuery
SetFilePointer
SetStdHandle
FlushFileBuffers
CreateFileA
InitializeCriticalSection
GetACP
GetOEMCP
GetCPInfo
ReadFile
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetEndOfFile
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize

Exports

Exports

xvid_decore
xvid_encore
xvid_global
xvid_plugin_2pass1
xvid_plugin_2pass2
xvid_plugin_dump
xvid_plugin_lumimasking
xvid_plugin_psnr
xvid_plugin_single

Sections

.text
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rodata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e61206a07e984b059cd47d3af6024fb4

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 472KB - Virtual size: 471KB

.rodata Size: 16KB - Virtual size: 12KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 470KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 472KB - Virtual size: 471KB

.rodata
Size: 16KB - Virtual size: 12KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 470KB

.reloc
Size: 20KB - Virtual size: 18KB