2b6ec208f8c140ff3ca2c56dd08346ea_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2b6ec208f8c140ff3ca2c56dd08346ea_JaffaCakes118
Size

432KB
MD5

2b6ec208f8c140ff3ca2c56dd08346ea
SHA1

3926127dee3ac02e51621c046522effc234ff336
SHA256

401c0fdafe273e2f6a8f2bb472825fba64dfcd320227bb27567493268fe91ec0
SHA512

b7e41e3883f5d0e978b2d79ba9b6a2ed7b58c6b4b9c641745c88ec4e2d762d144917f240ddacd4e6dc9f449f05bd6940737ac6b04ec996d8a035b54c14543c07
SSDEEP

6144:HGAIbRXb2Jb0MYCLuGF7qxieB6MrcHVC4DA0hhKklz:HGAoX6DFKGhYieBVraDjXpJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b6ec208f8c140ff3ca2c56dd08346ea_JaffaCakes118

Files

2b6ec208f8c140ff3ca2c56dd08346ea_JaffaCakes118
.dll windows:4 windows x86 arch:x86

62b28ec34b904896d7437bf3a4b05a11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

r:\bld_warsaw_ff_08b2\warsaw\core\Release\GN__bidi.pdb

Imports

kernel32

CloseHandle
CreateFileA
GetProcAddress
LoadLibraryA
GetModuleHandleA
FreeLibrary
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep
GetComputerNameA
DeleteCriticalSection
WideCharToMultiByte
WaitForSingleObject
SetEvent
ResetEvent
CreateEventA
SetThreadPriority
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
FormatMessageA
DeleteFileA
GetWindowsDirectoryA
GetCurrentThreadId
WriteFile
SetFilePointer
GetFileSize
GetCurrentProcessId
SetLastError
GetCurrentProcess
GetVersionExA
ReleaseMutex
CreateMutexA
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
ExitThread
CreateThread
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
ReadFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileW
SetEndOfFile
lstrcpynA
GetLocalTime
GetModuleFileNameA
GetLastError
DisableThreadLibraryCalls
IsDebuggerPresent
GetTickCount

winspool.drv

XcvDataW
OpenPrinterW
ClosePrinter
EnumPrintersW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetKernelObjectSecurity
GetSecurityDescriptorDacl
SetSecurityInfo
InitializeAcl
AddAccessAllowedAce
IsValidSid
GetLengthSid
GetAce
AllocateAndInitializeSid
FreeSid

Exports

Exports

BidiExchangeNpaA
BidiExchangeNpaW
BidiInitialize
BidiUninitialize

Sections

.text
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62b28ec34b904896d7437bf3a4b05a11

Headers

File Characteristics

PDB Paths

Imports

kernel32

winspool.drv

ole32

advapi32

Exports

Exports

Sections

.text Size: 252KB - Virtual size: 250KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 80KB - Virtual size: 85KB

.rsrc Size: 4KB - Virtual size: 964B

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 252KB - Virtual size: 250KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 80KB - Virtual size: 85KB

.rsrc
Size: 4KB - Virtual size: 964B

.reloc
Size: 28KB - Virtual size: 25KB