bd3f26523c5cad6fe9632bfd4f6449bc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bd3f26523c5cad6fe9632bfd4f6449bc_JaffaCakes118
Size

541KB
MD5

bd3f26523c5cad6fe9632bfd4f6449bc
SHA1

492f9c4bb1bba2f94b889e9de68e9a6b0289de41
SHA256

34ad177800e89a94d27b7ea4f39cd805c2910fa6afcb835501567b59415af0ed
SHA512

116b5bbf456ac0863cd787fe45b4bf9729d94aaffe2a4f05b150a85f66c04cfa2faf179ba0a8f5abd5358470831c05ded6663402adf9d5085c9631fd898f4587
SSDEEP

12288:VF75Cm31VCpGJfLnba3vpFs10bjZca/HhJL+7Jt:VF75R3He1fZca7L+7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

bd3f26523c5cad6fe9632bfd4f6449bc_JaffaCakes118

resource
bd3f26523c5cad6fe9632bfd4f6449bc_JaffaCakes118

Files

bd3f26523c5cad6fe9632bfd4f6449bc_JaffaCakes118
.dll windows:6 windows x86 arch:x86

0491e117f2127cc84a72143aca93ddf6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Except\95\Pretty\Ease\Green\94\Industry\22\14\move\play\Well\While.pdb

Imports

kernel32

VirtualProtect
Sleep
CreateProcessA
GetEnvironmentVariableA
GetSystemDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
SetEndOfFile
CreateFileW
ReadConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetFileSizeEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetProcessHeap
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
LCMapStringW
OutputDebugStringW
WriteFile
SetFilePointerEx
ReadFile
CloseHandle
ExitProcess
GetSystemInfo
HeapValidate
HeapAlloc
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
FreeLibrary
EncodePointer
GetLastError
InterlockedFlushSList
RtlUnwind
RaiseException
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
DecodePointer

mprapi

MprInfoBlockQuerySize
MprInfoBlockFind
MprInfoBlockSet
MprInfoBlockRemove
MprInfoBlockAdd
MprInfoDuplicate
MprInfoRemoveAll
MprInfoDelete
MprInfoCreate
MprConfigInterfaceTransportEnum
MprConfigInterfaceTransportSetInfo
MprConfigInterfaceTransportGetInfo
MprConfigInterfaceTransportGetHandle
MprConfigInterfaceTransportRemove
MprConfigInterfaceTransportAdd
MprConfigInterfaceSetInfo
MprConfigInterfaceGetInfo
MprConfigTransportEnum
MprConfigTransportGetInfo
MprConfigTransportSetInfo
MprConfigTransportGetHandle
MprConfigTransportDelete
MprConfigTransportCreate
MprConfigServerRestore
MprConfigServerBackup
MprConfigServerGetInfo
MprConfigServerRefresh
MprConfigServerDisconnect
MprConfigServerConnect
MprConfigServerInstall
MprAdminMIBBufferFree
MprAdminMIBEntryGetNext
MprAdminMIBEntryGetFirst
MprAdminMIBEntryGet
MprAdminMIBEntrySet
MprAdminMIBEntryDelete
MprAdminMIBEntryCreate
MprAdminMIBServerDisconnect
MprAdminMIBServerConnect
MprAdminInterfaceUpdatePhonebookInfo
MprAdminInterfaceQueryUpdateResult
MprAdminInterfaceUpdateRoutes
MprAdminInterfaceDisconnect
MprAdminInterfaceConnect
MprAdminInterfaceGetCredentialsEx
MprAdminInterfaceSetCredentialsEx
MprAdminInterfaceGetCredentials
MprAdminInterfaceSetCredentials
MprAdminInterfaceEnum
MprAdminInterfaceTransportSetInfo
MprAdminInterfaceTransportGetInfo
MprAdminInterfaceTransportAdd
MprAdminInterfaceTransportRemove
MprAdminInterfaceDeviceSetInfo
MprAdminInterfaceDeviceGetInfo
MprAdminInterfaceDelete
MprAdminInterfaceSetInfo
MprAdminInterfaceGetInfo
MprAdminInterfaceCreate
MprAdminInterfaceGetHandle
MprAdminIsServiceRunning
MprAdminPortClearStats

Exports

Exports

Crossice
Softmore
Waterwell

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0491e117f2127cc84a72143aca93ddf6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

mprapi

Exports

Exports

Sections

.text Size: 514KB - Virtual size: 513KB

.data Size: 5KB - Virtual size: 339KB

.idata Size: 4KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 284B

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 514KB - Virtual size: 513KB

.data
Size: 5KB - Virtual size: 339KB

.idata
Size: 4KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 284B

.reloc
Size: 16KB - Virtual size: 15KB