0ce064d5c931a2990a8c1ef91be23e6a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ce064d5c931a2990a8c1ef91be23e6a_JaffaCakes118
Size

126KB
MD5

0ce064d5c931a2990a8c1ef91be23e6a
SHA1

186e2e2447f27f6092eccf49e7baf7d1233b4b17
SHA256

a288e047d053a107105984ff5f0e78510db48c914aff653238feab1d6423b57a
SHA512

2017d1fae9c52bbff72dac5b068eda34aa307baba5fd3b5a8ca8ca265b21d252de9012fc4edbcde9995543813f432ad70a7d055cf57ee091fae8e78ccc1e642d
SSDEEP

3072:aDUt9GEi8C25e4KripnkD1pD98bx4XUDXVDw8RUY9lF5OJoAVB/0vK:xrx625RKriqDDOb/XFw8RV9//AVBp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ce064d5c931a2990a8c1ef91be23e6a_JaffaCakes118

Files

0ce064d5c931a2990a8c1ef91be23e6a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

07a389d7e8cb94221891dd3ccd7eef8b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\trunk\code\client\vendor\glib\glib-2.28.8\build\win32\vs10\Release\Win32\bin\gthread.pdb

Imports

kernel32

TlsGetValue
GetCurrentProcess
WaitForSingleObject
SetEvent
GetCurrentThread
GetSystemTimeAsFileTime
InitializeCriticalSection
TlsSetValue
Sleep
CreateEventA
LeaveCriticalSection
SetThreadPriority
GetLastError
GetProcAddress
EnterCriticalSection
GetModuleHandleA
CreateMutexA
IsDebuggerPresent
DeleteCriticalSection
DuplicateHandle
ReleaseMutex
TlsAlloc
CloseHandle
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GetCurrentProcessId

user32

MessageBoxA

libglib-2.0-0

g_thread_use_default_impl
g_ptr_array_add
g_set_error
g_free
g_ptr_array_remove
g_ptr_array_free
g_ptr_array_new
g_win32_error_message
g_malloc_n
g_log
g_get_current_time
g_realloc
g_assertion_message_expr
g_assertion_message
g_ptr_array_set_size
g_ptr_array_remove_index
g_thread_error_quark
g_thread_functions_for_glib_use
g_thread_init_glib
g_thread_gettime

msvcr100

_amsg_exit
_initterm
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
abort
sprintf
free
calloc
_endthreadex
_beginthreadex
_malloc_crt
_encoded_null
_initterm_e

Exports

Exports

g_thread_init
g_thread_init_with_errorcheck_mutexes

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 109KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

07a389d7e8cb94221891dd3ccd7eef8b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

libglib-2.0-0

msvcr100

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text Size: 109KB - Virtual size: 112KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 109KB - Virtual size: 112KB