03a8826bce927d2cee1c7e858749cd3a_JaffaCakes118

General

Target

03a8826bce927d2cee1c7e858749cd3a_JaffaCakes118
Size

104KB
MD5

03a8826bce927d2cee1c7e858749cd3a
SHA1

c9bbfa172f84b8f159cbb364d2b51d90683b8fb0
SHA256

20e4cd731119c06f6fa00c07a28b7cd52cf1e8a42829958de63ca115b79f210c
SHA512

db19e052cd7185e8094e1b4174b676f1edb49325d4b4964cc2a499084e253f2d93a162d97017b0e12afee9747cd7958f8be394e3fb8628b7a96a41e7f9c261ea
SSDEEP

1536:Nh2bkbmcIT/6ZbQfAcF4cpXMc2fOSGzgMxGjC+2G1/yOjHE0KU7ViFiUar:NhjoT/6ZsfAdUXGfxoQje6RjkJTFnar

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03a8826bce927d2cee1c7e858749cd3a_JaffaCakes118

Files

03a8826bce927d2cee1c7e858749cd3a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

796b1ac7041886e7ecbabedd5bef8cf7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u0npcrmj54.s8vt

Imports

kernel32

UnhandledExceptionFilter
GetLocaleInfoA
HeapAlloc
CreateNamedPipeA
GetCPInfo
GetEnvironmentStringsW
UnmapViewOfFile
VirtualQuery
GetModuleHandleA
WaitForMultipleObjects
SetEvent
FreeEnvironmentStringsA
CreateThread
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetModuleFileNameA
GetEnvironmentStrings
GetFileType
GetStartupInfoA
GetCurrentProcessId
CreateMutexW
VirtualProtect
DeleteTimerQueueTimer
GetACP
InterlockedCompareExchange
InterlockedDecrement
ResetEvent
WideCharToMultiByte
InterlockedExchange
lstrcpyW
HeapDestroy
GetOEMCP
OpenProcess
GetTickCount
SetLastError
DisconnectNamedPipe
CreateTimerQueueTimer
RtlUnwind
CreateEventA
IsBadCodePtr
WaitForSingleObject
LCMapStringA
FreeEnvironmentStringsW
GetCurrentThreadId
QueryPerformanceCounter
InitializeCriticalSection
ReleaseMutex
HeapFree
DeleteCriticalSection
IsBadReadPtr
GetLastError
ConnectNamedPipe
GetSystemInfo
MultiByteToWideChar
DuplicateHandle
LoadLibraryA
GetStdHandle
ExitThread
CopyFileA
Sleep
InterlockedExchangeAdd
LeaveCriticalSection

user32

DrawIcon
CreateIconFromResource
wsprintfW
LoadIconA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

ahlcqlax

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

796b1ac7041886e7ecbabedd5bef8cf7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 68KB

.data Size: 15KB - Virtual size: 45KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 662B

.text
Size: 68KB - Virtual size: 68KB

.data
Size: 15KB - Virtual size: 45KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 662B