fed553cb273163b40dac84fd4fd7d367_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fed553cb273163b40dac84fd4fd7d367_JaffaCakes118
Size

284KB
MD5

fed553cb273163b40dac84fd4fd7d367
SHA1

0667140e6b9a60d2a77d76868df971d0d44a6f61
SHA256

fa221fc0d6e2df1621f9e699ac06d9a68f3ce658e398871a87082340ada4c0dc
SHA512

e26bc63654216c24ef22f19fe29344584ffa6ada6fa52f9342a2841ea7315f31e5e6cb39601182f985f333aba20a50f065063ddf830a771aeaacf96dd283d80c
SSDEEP

3072:7se9tiXxF8+58TtfFb6KoQL0L19iEraUXO38MyYt8ekPzlIx8/pybOOOONNm3Ed2:7s4tiv8fFFFA19iE+UxMyPq9d6OE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fed553cb273163b40dac84fd4fd7d367_JaffaCakes118

Files

fed553cb273163b40dac84fd4fd7d367_JaffaCakes118
.dll windows:4 windows x86 arch:x86

184c76d6c013f4acf368aaa19ceaedb9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\sidebar\build116\build116\EXE\zip32.pdb

Imports

kernel32

LeaveCriticalSection
lstrcmpiA
EnterCriticalSection
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CloseHandle
InterlockedExchange
CreateMutexA
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
CreateFileA
GetCurrentProcess
GetVolumeInformationA
FindClose
FindFirstFileA
GetVersion
GetFileType
GetFileTime
GetFullPathNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindNextFileA
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
SetFileAttributesA
DeleteFileA
GetDriveTypeA
lstrcpynA
lstrcpyA
lstrcatA
GetFileAttributesA
lstrlenA
MultiByteToWideChar
InterlockedDecrement
GetCPInfo
GetSystemTimeAsFileTime
MoveFileA
SetStdHandle
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
RtlUnwind
InterlockedIncrement
GetCurrentThreadId
GetCommandLineA
GetVersionExA
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
Sleep
GetProcAddress
GetModuleHandleA
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointer
FlushFileBuffers
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetEndOfFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapSize
RemoveDirectoryA

user32

wvsprintfA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityDescriptorLength
GetKernelObjectSecurity
OpenProcessToken

Exports

Exports

ZpArchive
ZpGetOptions
ZpInit
ZpSetOptions
ZpVersion

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

184c76d6c013f4acf368aaa19ceaedb9

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 315KB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 315KB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 12KB - Virtual size: 9KB