f10d3914053e12a42711689f3e821c86_JaffaCakes118

General

Target

f10d3914053e12a42711689f3e821c86_JaffaCakes118
Size

39KB
MD5

f10d3914053e12a42711689f3e821c86
SHA1

91cf71328e6bfdfd9b0644b0de58e645f9056173
SHA256

12ac15da5f04f1ee685f86a9d53d3beb541a4b36a3e3542c6fd9ec6943ed8c20
SHA512

1a0f4e4bb872fc753586f0973edd941821101b5d818edb846fbe1cbfa3a38eed46e4013574fbb463833107fcfdf390002dfdf4cb4c1dc49e7ea0ddbf25e673f9
SSDEEP

192:cMNASIfuCtrey+Am5lYRb1GMlkgnG67Wy7MBBjs0lB0l:cMuJfuCgyhMyk07WT3js0lB0l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f10d3914053e12a42711689f3e821c86_JaffaCakes118

Files

f10d3914053e12a42711689f3e821c86_JaffaCakes118
.dll windows:4 windows x86 arch:x86

65778220e9eeea50197427dfd1596d6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
lstrlenA
GetTempPathA
ExitProcess
GetLastError
CreateMutexA
SetFilePointer
GetFileSize
ReadFile
GetCurrentProcess
ResumeThread
SetThreadContext
FlushInstructionCache
GetPrivateProfileStringA
WriteProcessMemory
GetThreadContext
SuspendThread
TerminateProcess
LoadLibraryA
GetProcAddress
lstrcpyA
GetModuleFileNameA
WaitForSingleObject
Sleep
GetLocalTime
CreateThread
GetPrivateProfileIntA
lstrcmpiA
GetStartupInfoA
CreateProcessA
CreateFileA
CloseHandle
DeleteFileA
VirtualProtectEx
WriteFile

user32

wsprintfA

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
AdjustTokenPrivileges

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA
InternetGetConnectedState

msvcrt

??3@YAXPAX@Z
_adjust_fdiv
malloc
_initterm
free
??2@YAPAXI@Z

Exports

Exports

CoreMain
RemoteExecuteExtern
RemoteExecuteNormal

Sections

.text
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65778220e9eeea50197427dfd1596d6a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 760B

.share Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 474B

.text
Size: 8KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 760B

.share
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 474B