457570da67b3650339f273164ef5e1ec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

457570da67b3650339f273164ef5e1ec_JaffaCakes118
Size

122KB
MD5

457570da67b3650339f273164ef5e1ec
SHA1

0e0c9f273dc89a7505ecff726620c168b43fae18
SHA256

67ae46a5558c839dc2cac478655e1600cd4649a6c28d3a21732a06aab0a56393
SHA512

7f44d46e47929cb57290ccdd8ab1e7fbf848494de3180cd3e29a5bcc4238ce9afa81f5da1eb51c004291188689117e5719da91ff4be41c226935cd7726361d01
SSDEEP

3072:6QHPFlVwvrHmrMO1HuxaNQ+IGN+SUPXKI7:d9zArHZO1O0N/hNdUP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
457570da67b3650339f273164ef5e1ec_JaffaCakes118

Files

457570da67b3650339f273164ef5e1ec_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7dabdb1d81bc318202cca27aed9c03e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

MFCM90.i386.pdb

Imports

msvcr90

_lock
_onexit
_except_handler4_common
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
_purecall
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__FrameUnwindFilter
_cexit
??_V@YAXPAX@Z
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
__CxxFrameHandler3
??2@YAPAXI@Z
??3@YAXPAX@Z
__dllonexit

mfc90

ord4114
ord2895
ord6558
ord4528
ord6556
ord6583
ord4383
ord2359
ord6289
ord6290
ord2342
ord1391
ord1401
ord5745
ord1866
ord4028
ord391
ord1241
ord1152
ord1137
ord4515
ord4512
ord2965
ord6006
ord6430
ord4279
ord4282
ord2125
ord1744
ord1745
ord2766
ord2978
ord3107
ord4714
ord2961
ord3122
ord2769
ord2888
ord2759
ord3227
ord4066
ord4067
ord4057
ord2886
ord910
ord601
ord274
ord819
ord4334
ord4890
ord4667
ord3485
ord6433
ord1252
ord6252
ord2157
ord1221
ord2246
ord1751
ord3418
ord3728
ord1377
ord721
ord474
ord3935
ord5634
ord3387
ord4040
ord5647
ord5607
ord2069
ord345
ord4679
ord1748
ord5005
ord1728
ord5403
ord4585
ord1144
ord1143
ord599

kernel32

InterlockedExchange
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
SetUnhandledExceptionFilter

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z

user32

GetWindow
GetClientRect
SendMessageA
PostMessageA
CopyRect
SetWindowPos

mscoree

_CorDllMain

Exports

Exports

AfxmReleaseManagedReferences

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dabdb1d81bc318202cca27aed9c03e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

mfc90

kernel32

msvcm90

user32

mscoree

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 65KB - Virtual size: 71KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 65KB - Virtual size: 71KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 2KB - Virtual size: 1KB