ff20de19c78752343ff3f0670da4950c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff20de19c78752343ff3f0670da4950c_JaffaCakes118
Size

89KB
MD5

ff20de19c78752343ff3f0670da4950c
SHA1

3871187992eb0fe0fd93c041c30a58b5e953e33c
SHA256

becb04ccb00a2cb6c796d2601d02471932f5393c350456ff22eca2e1e748fa48
SHA512

f346d834610b9183323d2fefb09a5ae00f033ee4c60d1d566a8f6be95db686c041c5af75a888dc3ac34c9f1500fed9e768da9b4b12739cd1611f0c61258e8d82
SSDEEP

1536:4kCfIgAH4TPRcbpf8Ej01Cv7u2FlYz7yv/NXdHY8VwsW4dFnR:4xQnYTybF8Ej01Cv7u2iWv3vFnR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff20de19c78752343ff3f0670da4950c_JaffaCakes118

Files

ff20de19c78752343ff3f0670da4950c_JaffaCakes118
.dll windows:5 windows x64 arch:x64

0488da1988e5da3ab85ac50897661d0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CloseHandle
GetHandleInformation
GetProcAddress
LoadLibraryA
CreateEventA
Sleep
WriteFile
SetEvent
WaitForSingleObject
CreateFileA
ExitThread
GetCurrentProcess
ExitProcess
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
EncodePointer
DecodePointer
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
MultiByteToWideChar
HeapAlloc
GetModuleHandleExW
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetModuleFileNameW
LoadLibraryExW
HeapReAlloc
SetStdHandle
WriteConsoleW
OutputDebugStringW
HeapSize
FlushFileBuffers
CreateFileW

advapi32

AllocateAndInitializeSid
DuplicateTokenEx
SetThreadToken
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid

Exports

Exports

ReflectiveLoader
a

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0488da1988e5da3ab85ac50897661d0c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB