4b302b6d4840dcc84f9087d6a0625057_JaffaCakes118

General

Target

4b302b6d4840dcc84f9087d6a0625057_JaffaCakes118
Size

80KB
MD5

4b302b6d4840dcc84f9087d6a0625057
SHA1

e436f1bba29d57d5883647fd2ae2ce206cb39703
SHA256

390ab7d2251d16dacde82fd71080234e404c5ba9c3bad3e5e35986c46c809f76
SHA512

15a8693bff7a992b99ca2d685859afab672a27f90ca9af615b702d11b2e2c51654e57a06180526bd6e8162aea7e73fc1c98945bc447b262a9cd3fb5cc06c48fc
SSDEEP

1536:5isu0PzA8L8z8jKhonQyw2aMPR+SUc108RpsWjcdr6n:f08QzoKhCCs7lWrq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b302b6d4840dcc84f9087d6a0625057_JaffaCakes118

Files

4b302b6d4840dcc84f9087d6a0625057_JaffaCakes118
.dll windows:5 windows x86 arch:x86

699165a8d26c3b49923fb81586978aad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
VirtualProtect
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
LoadLibraryW
GetModuleHandleW
CreateFileW
GetLastError
HeapFree
MultiByteToWideChar
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
HeapAlloc
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
WideCharToMultiByte
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapReAlloc
OutputDebugStringW
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

699165a8d26c3b49923fb81586978aad

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 5KB - Virtual size: 12KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 5KB - Virtual size: 12KB

.reloc
Size: 3KB - Virtual size: 3KB