fd4e66af86a8bd3b731b68cabea9af64_JaffaCakes118

General

Target

fd4e66af86a8bd3b731b68cabea9af64_JaffaCakes118
Size

339KB
MD5

fd4e66af86a8bd3b731b68cabea9af64
SHA1

ea45133cbfd18541a01874c2f060a18e3eac311d
SHA256

44b2cdfa2f4359e7d663bb2870f217467954a3e39c939b3422c5082c73b5b8b1
SHA512

aa297a742aef71e5235242c66aec367d2482904572049413cb84f54e38835d1fe2297c590e51e28f01c45ca2d8969a85a695c295f4c13bd6a10ae72fd849ad9a
SSDEEP

6144:EK3hlDGL8Nkq29EdGdemHRxvgfkaAAwGXDbN3sX7t4klWWwXG00:ExYqLEdG8DvHN3aPUWwX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd4e66af86a8bd3b731b68cabea9af64_JaffaCakes118

Files

fd4e66af86a8bd3b731b68cabea9af64_JaffaCakes118
.dll windows:4 windows x86 arch:x86

92dc953d46d1269f1eba7b12a99e9026

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

VarFormatDateTime

winspool.drv

ClosePrinter

rpcrt4

I_RpcFree
I_RpcSsDontSerializeContext
NdrNonConformantStringMemorySize
NdrSimpleStructUnmarshall

shell32

DuplicateIcon
SHFormatDrive
SHGetSettings
WOWShellExecute
DragQueryPoint

kernel32

GetPriorityClass
lstrlenA
lstrcmpiA
WaitForMultipleObjectsEx
VirtualProtect
VirtualAlloc
SizeofResource
QueryPerformanceCounter
MulDiv
Module32First
LockResource
LoadResource
LoadLibraryExA
LoadLibraryA
IsProcessorFeaturePresent
CancelDeviceWakeupRequest
ExitProcess
FlushInstructionCache
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
GetModuleFileNameA
GetModuleHandleA
GetNumberOfConsoleInputEvents
GetProcessPriorityBoost
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GlobalFree
GlobalLock
InterlockedDecrement
InterlockedExchange
IsDBCSLeadByte

Exports

Exports

CreateEffectFromResourceExW
CreateFontIndirectA
SHEvalDirectionalLight
SHEvalHemisphereLight
SplitMesh
VecAddFontMapper
mpegInFree
mpegSplitOpenFile
mpegSplitSeekTimeTS

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92dc953d46d1269f1eba7b12a99e9026

Headers

File Characteristics

Imports

oleaut32

winspool.drv

rpcrt4

shell32

kernel32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 162KB - Virtual size: 162KB

.data Size: 66KB - Virtual size: 67KB

.rsrc Size: 61KB - Virtual size: 61KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 162KB - Virtual size: 162KB

.data
Size: 66KB - Virtual size: 67KB

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 2KB - Virtual size: 1KB