ff5fcba1772c1c77d77ded4de2305513_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff5fcba1772c1c77d77ded4de2305513_JaffaCakes118
Size

141KB
MD5

ff5fcba1772c1c77d77ded4de2305513
SHA1

7b5125710b1676de14df2ec76fd53053e7d34ab2
SHA256

06165555ed41b5a8370876ab9ac15fc16f48dfd17afe6e560a34a758ee216261
SHA512

01162df4d698fb6f81aaf7a3f648a2d0d10df69904d8a1987863ac4128d09e9a7503e6cb0c4fd35f06e542ef2ec887fb2d803bcb140c44dcf965d3d1d1a0aff3
SSDEEP

1536:FoDsNATsqV9ifw5ADdvBQaNih7zHlfdOme:DNGsD2ADLQmih7z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff5fcba1772c1c77d77ded4de2305513_JaffaCakes118

Files

ff5fcba1772c1c77d77ded4de2305513_JaffaCakes118
.dll windows:6 windows x86 arch:x86

ec83d018531b2087c9bd82b6bdd8779a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

brcoinst.pdb

Imports

msvcrt

memset
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter
_itoa

ntdll

RtlUnwind

setupapi

SetupDiOpenDevRegKey
SetupDiGetClassInstallParamsA
SetupFindFirstLineA
SetupGetIntField
SetupGetMultiSzFieldA
SetupCloseInfFile
SetupDiGetSelectedDriverA
SetupDiGetDriverInfoDetailA
SetupOpenInfFileA

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
CreateFileA
Sleep
CloseHandle
WriteFile
WritePrivateProfileStringW
GetVersionExA
FormatMessageA
LocalFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
QueryDosDeviceA

advapi32

RegEnumKeyExA
RegSetValueExA
CreateServiceA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
ControlService
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
RegCreateKeyExA

winspool.drv

AddMonitorA

Exports

Exports

BrmfPortCoInstaller
BrmfcMDMCoInstaller
BrmfcMFCoInstaller
BrmfcPRTCoInstaller
BrmfcWIACoInstaller

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec83d018531b2087c9bd82b6bdd8779a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

setupapi

kernel32

advapi32

winspool.drv

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 125KB - Virtual size: 190KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 125KB - Virtual size: 190KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB