3ded8aea804848334141bd09bd224bc8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ded8aea804848334141bd09bd224bc8_JaffaCakes118
Size

128KB
MD5

3ded8aea804848334141bd09bd224bc8
SHA1

26a694a389ae2b31fff163ea30b07c1065b0fb4e
SHA256

50913273c52302d7394baefee0d45c6a3ffc42d6b45c84f9a394a7c9405ce266
SHA512

d9d8e528f0e5ed7d259e05dc68f612c017c3d27058c7523c21f796451d3985d138d7c10f8b1c245b7c2574ffd47c1643bd8e623e284ec7b6116594f8a22d315f
SSDEEP

3072:TYmJ6ykHFuA0fSpjJJTo0ks2fKvxthxh7V81cg8VVJV:Txmjjjo5fexthxhOo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ded8aea804848334141bd09bd224bc8_JaffaCakes118

Files

3ded8aea804848334141bd09bd224bc8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ea22e563eddd4665998047c4acf85a87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr

dscrt30

?mki_CopyMemory@@3P6AXPAXPBXK@ZA
?mki_FillMemory@@3P6AXPAXKE@ZA
?MKallocI@@YAPAXKK@Z
?MKfree@@YAXPAX@Z
?ds_pow@@YANNN@Z
?Tick@DCallback@@QAEHK@Z
?Start@DCallback@@QAEXKK@Z
?mki_MoveMemory@@3P6AXPAXPBXK@ZA
?mki_ZeroMemory@@3P6AXPAXK@ZA
?MKreallocI@@YAPAXPAXKK@Z
??0DString@@QAE@PBVDStringW@@@Z
?Append@DStringW@@QAEJPBDJ@Z
?Finish@DCallback@@QAEXXZ
?UnRegisterFacilityErrorInfo@@YAJK@Z
?RegisterFacilityErrorInfo@@YAJKPBUDS_ECodeDescription@@KPBD@Z

xccdx30

?ReverseBuffer@@YAXPAE0K@Z
??0DSCCITTCodec@@QAE@XZ
??1DSCCITTCodec@@QAE@XZ
?PreDecode@DSCCITTCodec@@QAEKXZ
?SetSize@DSCCITTCodec@@QAEKKK@Z
?Decode@DSCCITTCodec@@QAEKXZ
?PreEncode@DSCCITTCodec@@QAEKXZ
?Encode@DSCCITTCodec@@QAEKXZ
??0DZip@@QAE@XZ
??1DZip@@QAE@XZ
?InitDecompress@DZip@@QAEJK@Z
?Reset@DZip@@QAEXXZ
?End@DZip@@QAEXXZ
?DecompressSync@DZip@@QAEJXZ
?Decompress@DZip@@QAEJH@Z
?SetInBuffer@DZip@@QAEXPAEK@Z
?SetOutBuffer@DZip@@QAEXPAEK@Z
?InitCompress@DZip@@QAEJJJJJJ@Z
?Compress@DZip@@QAEJH@Z
?d_dst_init_dst@JPEG_Core@@MAEXPAUjpeg_compress_struct@@@Z
?d_src_init_src@JPEG_Core@@MAEXPAUjpeg_decompress_struct@@@Z
?Encode@JPEG_Core@@UAEJKKKE@Z
?Decode@JPEG_Core@@UAEJHK@Z
??0JPEG_Core@@QAE@XZ
??_7JPEG_Core@@6B@
?EncodeData@JPEG_Core@@QAEJXZ
?EncodeTables@JPEG_Core@@QAEJKKKE@Z
?FinishDecompress@JPEG_Core@@QAEJXZ
?DecodeChunck@JPEG_Core@@QAEJKK@Z
?ReadCommonTables@JPEG_Core@@QAEJXZ
?Init@LZWControl@@QAEXXZ
??_7LZWControl@@6B@
??0LZW_base@@QAE@XZ
??1LZW_base@@QAE@XZ
?StartDecompress@LZWControl@@QAEJH@Z
?Decompress@LZWControl@@QAEJXZ
?StartCompress@LZWControl@@QAEJXZ
?Compress@LZWControl@@QAEJXZ
?FinishCompress@LZWControl@@QAEJXZ
?Fill_FormatParameters@@YAJPAUFormatParameterList@@PBUFormatParameter@@KK@Z

Exports

Exports

fmt_GetDllInfo

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea22e563eddd4665998047c4acf85a87

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

dscrt30

xccdx30

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 60KB - Virtual size: 59KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 4KB - Virtual size: 2KB