2c906a484bdb5fd5894bbe73d7c54263_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c906a484bdb5fd5894bbe73d7c54263_JaffaCakes118
Size

124KB
MD5

2c906a484bdb5fd5894bbe73d7c54263
SHA1

4434e8fbc4c34a2c1526770c42f8d72c023e53e4
SHA256

f1042b91278999ce0a45ebf2b53b88d3983f216f1da36fae75f440c189370634
SHA512

35823f44bb91b3cdf5c12db30f09f4782d4eff3039d748e656b86a5f38215b0ef5a6980eda5a985f5b727d128201df3ca1e35ae32d56c55dd210de2c0c41e82a
SSDEEP

1536:EvEG8EBNOnWpO1Hv67FYrw7K92SqH1Vzd6UH8GlVqTo7R:EvlTXpk3r4KgDH1Nd/8Ga+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c906a484bdb5fd5894bbe73d7c54263_JaffaCakes118

Files

2c906a484bdb5fd5894bbe73d7c54263_JaffaCakes118
.dll windows:4 windows x64 arch:x64

a243b628f7c97573954b5dd0874d55de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

decrhaptifier.pdb

Imports

kernel32

IsBadWritePtr
GetFileType
GetEnvironmentStrings
HeapDestroy
MultiByteToWideChar
FreeEnvironmentStringsW
RtlUnwind
UnmapViewOfFile
GetTickCount
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
ReleaseMutex
SetEvent
OpenProcess
GetACP
CreateNamedPipeA
GetEnvironmentStringsW
GetStartupInfoA
UnhandledExceptionFilter
CreateEventA
SetUnhandledExceptionFilter
VirtualQuery
GetModuleHandleA
WriteFile
GetOEMCP
VirtualProtect
CreateTimerQueueTimer
IsBadCodePtr
GetCPInfo
lstrcpyW
LoadLibraryA
GetLocaleInfoA
EnterCriticalSection
GetStdHandle
DuplicateHandle
CreateThread
WaitForSingleObject
DeleteCriticalSection
GetSystemInfo
HeapFree
lstrcatW
ResetEvent
InitializeCriticalSection
GetVersionExA
IsBadReadPtr
LCMapStringA
HeapAlloc
Sleep
WaitForMultipleObjects
ConnectNamedPipe
GetCurrentThreadId
SetLastError
LeaveCriticalSection
FreeEnvironmentStringsA
QueryPerformanceCounter
DisconnectNamedPipe
TerminateProcess
DeleteTimerQueueTimer
LoadResource
FindResourceA
CreateMutexW
GetModuleFileNameA
GetLastError
LCMapStringW

user32

CreateIconFromResource
DrawIcon
wsprintfW

advapi32

SetSecurityDescriptorDacl
GetSecurityDescriptorOwner
InitializeSecurityDescriptor

msvcrt

exit
wcstok
free
scanf
swprintf
isdigit
wcschr
memmove
malloc
wcsncmp
fgetws
wcscat
fprintf
realloc
wcslen
wcscpy
memcpy
calloc
wprintf
strtok
wcstod
printf
wcscmp
_ltow
wcsstr
wcstol
towupper
memset
_strnicmp
vwprintf
fflush
_wcsnset
_wtoi
_stricmp

Exports

Exports

ljowdsqm

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xdata
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a243b628f7c97573954b5dd0874d55de

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 64KB

.data Size: 40KB - Virtual size: 67KB

xdata Size: 4KB - Virtual size: 552B

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 68KB - Virtual size: 64KB

.data
Size: 40KB - Virtual size: 67KB

xdata
Size: 4KB - Virtual size: 552B

.rsrc
Size: 8KB - Virtual size: 6KB