fd8c26ad790b590fca07a1f166afe6be_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fd8c26ad790b590fca07a1f166afe6be_JaffaCakes118
Size

201KB
MD5

fd8c26ad790b590fca07a1f166afe6be
SHA1

84651dda74112c66a54283b3c5a91c009e1ca267
SHA256

6a0b17d1a3664012dfb47c6d836829f7d7355d07e88c8437d836148458b7096f
SHA512

6bbff852651c0ebe5854624e34f7fcdc1a319659314e13be77e5d763615dfeb6109bfb1f75cd01501bf3b366bb1f65728dbbf4e1536f56704d0b787c8a7070b8
SSDEEP

3072:Rnr2HBGslwBhuK70GvPnNXjpvMwCYFKzJ3ai5yWVrpBHVyMxyMVak1bzMEJsmpN6:ssmjK70GtFJiJKiUWBpryM9AubzMDm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd8c26ad790b590fca07a1f166afe6be_JaffaCakes118

Files

fd8c26ad790b590fca07a1f166afe6be_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ae2dd82bd5658e4e07c5c87c071725e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imagehlp.pdb

Imports

msvcrt

fflush
_iob
_purecall
??3@YAXPAX@Z
strchr
time
??2@YAPAXI@Z
_wmakepath
wcslen
wcsrchr
_wsplitpath
_osver
sprintf
_wcsnicmp
wcscat
_mbsicmp
_wcsicmp
printf
_fullpath
_access
qsort
bsearch
_memicmp
_sopen
_wsopen
_wfullpath
_chsize
_lseek
_close
_errno
_get_osfhandle
_read
_write
_open_osfhandle
_winminor
_winmajor
_mbscmp
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_mbsnbcpy
wcsncpy
_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
strncmp
strrchr
_makepath
_splitpath
atoi
_ultoa
memmove
_stricmp
_except_handler3
strncpy

kernel32

LCMapStringW
DeviceIoControl
VirtualFree
VirtualAlloc
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetSystemInfo
GetFileAttributesA
TlsAlloc
TlsFree
HeapAlloc
HeapFree
SetLastError
IsDBCSLeadByte
GetProcAddress
GetModuleHandleA
lstrlenA
TlsGetValue
HeapDestroy
HeapCreate
DisableThreadLibraryCalls
GetVersionExA
CloseHandle
MapViewOfFileEx
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingA
GetFileSize
SetFileTime
SystemTimeToFileTime
GetSystemTime
GetLastError
MapViewOfFile
CreateFileA
WideCharToMultiByte
lstrcmpiA
lstrcpyA
LoadLibraryA
lstrcatA
GetModuleFileNameA
SetEndOfFile
SetFilePointer
SearchPathA
DeleteFileA
WriteFile
SetFileAttributesA
CopyFileA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalAlloc
FreeLibrary
InterlockedExchange
RaiseException
CopyFileW
CreateFileW
GetFileAttributesW
SetFileAttributesW
MultiByteToWideChar

Exports

Exports

BindImage
BindImageEx
CheckSumMappedFile
EnumerateLoadedModules
EnumerateLoadedModules64
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindFileInPath
FindFileInSearchPath
GetImageConfigInformation
GetImageUnusedHeaderBytes
GetTimestampForLoadedLibrary
ImageAddCertificate
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageEnumerateCertificates
ImageGetCertificateData
ImageGetCertificateHeader
ImageGetDigestStream
ImageLoad
ImageNtHeader
ImageRemoveCertificate
ImageRvaToSection
ImageRvaToVa
ImageUnload
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapAndLoad
MapDebugInformation
MapFileAndCheckSumA
MapFileAndCheckSumW
ReBaseImage
ReBaseImage64
RemovePrivateCvSymbolic
RemovePrivateCvSymbolicEx
RemoveRelocations
SearchTreeForFile
SetImageConfigInformation
SplitSymbols
StackWalk
StackWalk64
SymCleanup
SymEnumSourceFiles
SymEnumSym
SymEnumSymbols
SymEnumTypes
SymEnumerateModules
SymEnumerateModules64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFromAddr
SymFromName
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromName
SymGetLineFromName64
SymGetLineNext
SymGetLineNext64
SymGetLinePrev
SymGetLinePrev64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetTypeFromName
SymGetTypeInfo
SymInitialize
SymLoadModule
SymLoadModule64
SymMatchFileName
SymMatchString
SymRegisterCallback
SymRegisterCallback64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSetContext
SymSetOptions
SymSetSearchPath
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
TouchFileTimes
UnDecorateSymbolName
UnMapAndLoad
UnmapDebugInformation
UpdateDebugInfoFile
UpdateDebugInfoFileEx

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae2dd82bd5658e4e07c5c87c071725e8

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 132KB

.data Size: 62KB - Virtual size: 66KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 132KB - Virtual size: 132KB

.data
Size: 62KB - Virtual size: 66KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 4KB - Virtual size: 4KB