JaffaCakes118_fd65bb77bed136b09207cdc7bea28c0d4915e439a6722be75eb858aa9338d131

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_fd65bb77bed136b09207cdc7bea28c0d4915e439a6722be75eb858aa9338d131
Size

372KB
MD5

eaa0b683f58d97d89c2dd3154a087879
SHA1

070c9f4596f3c9a377e3d75b5d1011efc5f8de4a
SHA256

fd65bb77bed136b09207cdc7bea28c0d4915e439a6722be75eb858aa9338d131
SHA512

d8cdb2e8c25d8c2584f19f469b1782d173c99e83f2b83068f7e61a3a78c9c92499a5f0550ac81b23c46cea2ea5ee98333d7df61c71f1f9c4886cfa367756d3a6
SSDEEP

6144:NbP57UDV0iDt00NKwwmFxDa9oNiEZ/LbseQB7G9wRENL:NbsV5t0ikgDa9oNiEZ/LbFQmrL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_fd65bb77bed136b09207cdc7bea28c0d4915e439a6722be75eb858aa9338d131

Files

JaffaCakes118_fd65bb77bed136b09207cdc7bea28c0d4915e439a6722be75eb858aa9338d131
.dll regsvr32 windows:6 windows x86 arch:x86

e735d9365950e14300009b933a49b131

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Sand-war\us_Man\Protect\Wrong\save.pdb

Imports

kernel32

GetCurrentDirectoryW
GetProcAddress
OpenMutexW
VirtualProtectEx
Sleep
LoadLibraryW
InitializeCriticalSection
EnterCriticalSection
FreeLibrary
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
GetModuleFileNameW
GetModuleHandleExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapValidate
GetSystemInfo
GetLastError
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetProcessHeap
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
LoadLibraryExW
OutputDebugStringA
WriteConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
HeapAlloc
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
SetStdHandle
CloseHandle
CreateFileW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCreateKeyW
RegCloseKey

Exports

Exports

DllRegisterServer
Havedivide
Mountaintogether
Seatproperty
Towarddifficult

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e735d9365950e14300009b933a49b131

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 251KB - Virtual size: 250KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 7KB - Virtual size: 5.0MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 251KB - Virtual size: 250KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 7KB - Virtual size: 5.0MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 9KB