fd8bc998f3faecbb4f55a9816a4ea9b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fd8bc998f3faecbb4f55a9816a4ea9b9_JaffaCakes118
Size

88KB
MD5

fd8bc998f3faecbb4f55a9816a4ea9b9
SHA1

f5fc3ebcd8c0167b575fa40a986686c1ac936343
SHA256

c29d48dfff2bd6281c35c020cad3c8a4dd341db6517973378a0cc5bc7649ebb9
SHA512

639ee0a5482a18cc0a84f928d9956c4201ddd6e5f7566f29245f1c8554a1450f7a7dd0cd2389fa9466522a75c2e68330e4c8adb5bf470f85b14bd2af160b9c2a
SSDEEP

1536:b5vrKdvlyatsOC+XXQeiArB9wGHPOY6K7z5s744lXl5Y+Um:dvWqKliMErW/w3Xl5Y+t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd8bc998f3faecbb4f55a9816a4ea9b9_JaffaCakes118

Files

fd8bc998f3faecbb4f55a9816a4ea9b9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a0d01e71f240618f72e04b3154723f8d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\MyDevelop\cpp\OllyHelper\Release\OllyHelper.pdb

Imports

ollydbg.exe

_Addtolist
_Pluginreadintfromini
_Pluginreadstringfromini
_Pluginwriteinttoini
_Pluginwritestringtoini
_Readmemory
_Setbreakpoint
_Getcputhreadid
_Findthread
_Setcpu
_Writememory
_Flash
_Listmemory
_Message
_Error

kernel32

IsBadCodePtr
IsBadReadPtr
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
VirtualFreeEx
WaitForDebugEvent
GetModuleFileNameA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
GetPrivateProfileStringA
GetModuleHandleA
GetLastError
GetProcAddress
VirtualAllocEx
GetVersion
GlobalUnlock
lstrcpyA
GlobalLock
GlobalAlloc
lstrlenA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
lstrcpynA
WriteProcessMemory
SetCurrentDirectoryA
GetCurrentDirectoryA
VirtualProtectEx
ReadProcessMemory
Sleep
SetThreadPriority
GetThreadPriority
GetCurrentThread
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
GetEnvironmentVariableA
SetEnvironmentVariableA
MultiByteToWideChar
CloseHandle
GetFileInformationByHandle
CreateFileA
QueryDosDeviceA
GetLogicalDrives
SearchPathA
LoadLibraryA
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
SetUnhandledExceptionFilter
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
GetCommandLineA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
RtlUnwind
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
HeapSize
HeapReAlloc
HeapDestroy
GetFileType

user32

IsDlgButtonChecked
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
GetWindowLongA
CheckDlgButton
EndDialog
MessageBoxA
DialogBoxParamA
IsDialogMessageA
SetWindowLongA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetWindowTextLengthA
GetWindowTextA
GetDlgItem
SendDlgItemMessageA
SendMessageA
UnregisterClassA
SetWindowPos

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

ShellExecuteA

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0d01e71f240618f72e04b3154723f8d

Headers

File Characteristics

PDB Paths

Imports

ollydbg.exe

kernel32

user32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB