f66b8e109c9587a5f76c2bc6650dd7af_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f66b8e109c9587a5f76c2bc6650dd7af_JaffaCakes118
Size

108KB
MD5

f66b8e109c9587a5f76c2bc6650dd7af
SHA1

3f5a85e6509bddd70cf4aaa1ca73dbc07ff26e46
SHA256

1097f9f28504e483596d8cf92d6753c878b7e29f9f3302674a39a652641f56ab
SHA512

fd35ad1b358764235b195c7f8375f1efac12a90757e983ba30cee9c4f91a565ca4ebdd3c998a728a0aeaecf0a7907e710faeb62d92cb0d2138f60e4854bdc612
SSDEEP

1536:FXtKbb8hZMvO6burMC2SU6I5tIrsnqMCAHSkJo2O6uLtp+tEMcBRk:3ScZMW6buJjI5EM/FO6qtp+tEMy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f66b8e109c9587a5f76c2bc6650dd7af_JaffaCakes118

Files

f66b8e109c9587a5f76c2bc6650dd7af_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d268e8749249cc0a4b090ccdc61d0d9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\프로젝트\방어모듈\guardian\release\gartene.pdb

Imports

psapi

EnumProcessModules
GetModuleFileNameExA

kernel32

InterlockedExchange
DeleteFileW
DeleteFileA
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
DuplicateHandle
GetCurrentProcess
FreeLibrary
GetProcAddress
VirtualQuery
SetLastError
GetModuleHandleA
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
GetLastError
GetCurrentThread
LoadLibraryW
FindResourceExA
GetModuleFileNameA
FindResourceA
SizeofResource
LockResource
CloseHandle
LoadResource
RtlUnwind
GetSystemTimeAsFileTime
GetStringTypeW
GetStringTypeA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineA
VirtualFree
HeapCreate
ExitProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
UnregisterClassA

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegSetValueExW
RegEnumKeyExA
RegCloseKey
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegCreateKeyW
RegOpenKeyExW
RegSetValueExA
RegDeleteKeyW

shell32

SHGetSpecialFolderPathA

Exports

Exports

InstallHook
UninstallHook

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SPAWNIN
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d268e8749249cc0a4b090ccdc61d0d9e

Headers

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 4.0MB

.SPAWNIN Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 4.0MB

.SPAWNIN
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 20KB - Virtual size: 18KB