fa360a225af49044b95e5d3f7d3d74a1_JaffaCakes118

General

Target

fa360a225af49044b95e5d3f7d3d74a1_JaffaCakes118
Size

348KB
MD5

fa360a225af49044b95e5d3f7d3d74a1
SHA1

1211ea8b9a52672088ac49702f04d018beeee45e
SHA256

faab90ca74a64780b1f77f78fed77d53fce4798ee83293dd1bf77965b8761763
SHA512

abc22ecb10deb41abb633a35e3ce4377b5323b1bb1d9854f29bbd92885457b1fe1d93ef65c40a7af498743322d05ce3ed220b0e0fec63e584d37d8146c79f561
SSDEEP

6144:XOKdONrtYsDabt/RdLR903IyMbQuazBr8VY705SMynQ1g:XOeOBtifR90HhzBr8VwRc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa360a225af49044b95e5d3f7d3d74a1_JaffaCakes118

Files

fa360a225af49044b95e5d3f7d3d74a1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d698b4087e267df835a8ae2ea785f9f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetHandleCount
EnterCriticalSection
GetProcAddress
GetModuleHandleA
InitializeCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
CloseHandle
CreateThread
Sleep
RtlUnwind
RaiseException
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
SetUnhandledExceptionFilter
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LeaveCriticalSection
GetStdHandle
GetFileType
GetStartupInfoA
GetLastError
SetFilePointer
ReadFile
FlushFileBuffers
WriteFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetEndOfFile

Exports

Exports

BIBGetGetProcAddress
BIBGetVersion
BIBInitialize
BIBInitialize2
BIBInitialize3
BIBInitialize4
BIBLockSmithAssertNoLocksImpl
BIBLockSmithDeleteImpl
BIBLockSmithLockImpl
BIBLockSmithUnlockImpl
BIBTerminate

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 204KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d698b4087e267df835a8ae2ea785f9f1

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 204KB - Virtual size: 218KB

.rsrc Size: 4KB - Virtual size: 968B

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 204KB - Virtual size: 218KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 12KB - Virtual size: 10KB