54ca6ca0ce069db16f136fc0dbea1925_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

54ca6ca0ce069db16f136fc0dbea1925_JaffaCakes118
Size

252KB
MD5

54ca6ca0ce069db16f136fc0dbea1925
SHA1

737254251dcc57548675ea35a295936a5f90dc51
SHA256

c20478033c66c862d4d97fcc593dd612afddcc40455329ac89787e047e537210
SHA512

05d5a30e7b81714c0514a48acd970c56248149e29d5d8abe4f2c0ea25dde92cd7b5b5cbbf6f2d7723f0dc026b22d9ec554195767210f82b2b9369c55ff534fbe
SSDEEP

6144:ydjcd8ZN1P0i56Lm1HQHd+2CDPaLBGd836Sy:QcOZjNcm0QagC6n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54ca6ca0ce069db16f136fc0dbea1925_JaffaCakes118

Files

54ca6ca0ce069db16f136fc0dbea1925_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4264cf89e94ec481e8f1926a6ee86cdc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\home\ywada\FF\FPV_MP\FPV55Sources\DLL_Projects\MergeFolder\Release\MergeFolder.pdb

Imports

kernel32

CloseHandle
FlushFileBuffers
SetStdHandle
FreeLibrary
IsDBCSLeadByte
GlobalAlloc
GlobalFree
GetStringTypeW
GetStringTypeA
GetSystemInfo
WideCharToMultiByte
GetVersionExA
MultiByteToWideChar
LoadLibraryA
GetFileAttributesA
GetModuleFileNameA
GetProcAddress
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
GetCommandLineA
HeapAlloc
HeapFree
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
VirtualQuery
InitializeCriticalSection
SetFilePointer
GetLocaleInfoA
VirtualProtect

user32

DestroyWindow
DialogBoxParamA
EnableWindow
InvalidateRect
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
ShowWindow
MessageBoxA
MessageBoxW
SetWindowTextA
GetWindowTextA
EndDialog
GetDlgItem
GetClientRect
GetDC
ReleaseDC
CreateDialogParamA
wvsprintfA

gdi32

CreateRectRgnIndirect
FillRgn
DeleteObject
CreateSolidBrush

fpv4folder

fpv4MergeFolder

Exports

Exports

_Close@0
_CreateWindowL@8
_CreateWindowM@8
_Exec@8
_Free@0
_GetType@0
_Init@0
_SetService@8

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4264cf89e94ec481e8f1926a6ee86cdc

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

fpv4folder

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 180KB - Virtual size: 185KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 180KB - Virtual size: 185KB

.reloc
Size: 8KB - Virtual size: 7KB