08282efb60028062e88bf12ed1a2f3dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08282efb60028062e88bf12ed1a2f3dc_JaffaCakes118
Size

176KB
MD5

08282efb60028062e88bf12ed1a2f3dc
SHA1

d60cc18bd8c10f4286ddfdf90efe594b1cb57acf
SHA256

7bda921ed954044bbb6185b62c3a7ade7c09d1cdcf10f1b6cc0837d4885b5b7b
SHA512

5fe5b938b54b0f5f98b8593360db0718374b386933ba523ca4f8efbdc164095fb14392a238d0251e81eda5b2a5a9d9b657ca4e0cafa4b1460f289c6a57312ac9
SSDEEP

3072:GsgbRiRlO4hFa804cZN0HaV3cjrfaeHVx00uzy5CUeUlAa:Bgb4O4hF24cZiHAcjrfdGt0lN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08282efb60028062e88bf12ed1a2f3dc_JaffaCakes118

Files

08282efb60028062e88bf12ed1a2f3dc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

abdffb85e61c1cf64114f52b42a7bdce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build2.2.0\symbols\Dump-vc80-mt.pdb

Imports

kernel32

OutputDebugStringW
GetTickCount
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
Process32NextW
GetPrivateProfileIntW
CloseHandle
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcpyW
ExpandEnvironmentStringsW
LoadLibraryA
MultiByteToWideChar
GetCurrentDirectoryW
WideCharToMultiByte
GetProcAddress
GetEnvironmentVariableW
GetModuleFileNameW
GetModuleFileNameA
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
GetFileAttributesW
RaiseException
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo
LCMapStringA
LCMapStringW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
CreateFileA
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile

shlwapi

PathRemoveFileSpecW

Exports

Exports

dump_i
lvalue
lvalue_of
svalue
svalue_of_i
ulvalue
ulvalue_of

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abdffb85e61c1cf64114f52b42a7bdce

Headers

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 9KB