fb8a573b2da9fa935148c843adbad420_JaffaCakes118

General

Target

fb8a573b2da9fa935148c843adbad420_JaffaCakes118
Size

192KB
MD5

fb8a573b2da9fa935148c843adbad420
SHA1

0c63f92f091dea9ce311a08f29bd3c228b19807f
SHA256

2fcb305be34b96a3008ce522b894d0ba7bbe01e535e321dbd61860a85fde9986
SHA512

3f75526da25919a535865e678ddd4981b0a1d23072303b90aac272fd8b8349af05088dbac2079274e6ca34bd386338380602f9b2e540419c0c4f6542b3bc4e91
SSDEEP

6144:BMtTfcjfhdnyLnBMbzdwlxmJ6Qjjo/3mX6Ru:CpMdyLnmGE4QjjvX6R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb8a573b2da9fa935148c843adbad420_JaffaCakes118

Files

fb8a573b2da9fa935148c843adbad420_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3ff798167b6e5125bff168e459fbf22f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\src\client\auth\basicauth\clbascauth.pdb

Imports

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ

msvcr71

_purecall
strncpy
isspace
strchr
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??_V@YAXPAX@Z
sprintf
__CxxFrameHandler
??3@YAXPAX@Z
_strcmpi
??1exception@@UAE@XZ
_vsnprintf
malloc
_callnewh
??1type_info@@UAE@XZ
__security_error_handler
_except_handler3
free
_initterm
_adjust_fdiv
__CppXcptFilter
__dllonexit
_onexit
?terminate@@YAXXZ
??0exception@@QAE@XZ
_strnicmp

kernel32

GetCurrentProcessId
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
ExitProcess
GetCurrentThreadId

Exports

Exports

RMACreateInstance
RMAShutdown

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ff798167b6e5125bff168e459fbf22f

Headers

File Characteristics

PDB Paths

Imports

msvcp71

msvcr71

kernel32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 168KB - Virtual size: 168KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB