2fa03389cd9ebced277bf52f1faab986_JaffaCakes118

General

Target

2fa03389cd9ebced277bf52f1faab986_JaffaCakes118
Size

60KB
MD5

2fa03389cd9ebced277bf52f1faab986
SHA1

33e771da0554b899ef0f23677d359399693e535a
SHA256

0a91098d1d0ab4f8a2b164dfab2be45e9a1095cec78ef5eecfff54457b33d641
SHA512

2cea3f0bacdb5784fe750337ebea2bd1b1b62860cacdaebef0ed696c9eec4ef8dc27bfd3510393625cc1ed91dbfc3031119b7c90c7d8f1d7c47fa5ac42d98b92
SSDEEP

768:CtuAg3Nd/XWudttgkhSAOLchTb3q5xFl7xV:CLWGvoOqe5xHNV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fa03389cd9ebced277bf52f1faab986_JaffaCakes118

Files

2fa03389cd9ebced277bf52f1faab986_JaffaCakes118
.dll windows:4 windows x86 arch:x86

74c6ce7d48aeb50d65517149cc9321fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\090603_120837_build_SAI_Build_SAI_61.0.14.0\source\sai_src\Release_Zango_Gateway\npsaidetect.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
RaiseException
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
VirtualAlloc
HeapReAlloc
HeapSize
InitializeCriticalSection
RtlUnwind
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74c6ce7d48aeb50d65517149cc9321fb

Headers

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB