08e76f067ac1b3b6cac7a5f8ee327fd6_JaffaCakes118

General

Target

08e76f067ac1b3b6cac7a5f8ee327fd6_JaffaCakes118
Size

76KB
MD5

08e76f067ac1b3b6cac7a5f8ee327fd6
SHA1

c9e53a2418351bfc7d17ed9b5e28dc1defefb133
SHA256

512be0a4df306fb4691f6b83be544f0b43f273c3f475b7339deb2f963f452544
SHA512

60381ccb953e0af412819cb7ae91a8231d366f9374cb89b62675c1cb9ea529dfd64f6dc0c597af15d0f3c8ab717bd3deb38c0525b48dece76964ab56ea0711a4
SSDEEP

1536:c+7LrHfDCfeMED78kiqyMRmkUGZrjJKZMHNBA6pt3A:c+7LvH01hGp4ZMvzI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08e76f067ac1b3b6cac7a5f8ee327fd6_JaffaCakes118

Files

08e76f067ac1b3b6cac7a5f8ee327fd6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

526de0911518430ee5a688bbb835d6e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetTickCount
GetPrivateProfileIntA
CreateFileA
CloseHandle
DeviceIoControl
InterlockedExchange
Sleep
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
CreateDirectoryA
ExpandEnvironmentStringsA
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
lstrlenA
VirtualProtect
MultiByteToWideChar
lstrlenW
GetCommandLineA
InterlockedCompareExchange

user32

wvsprintfA
wsprintfW
CheckRadioButton
PostMessageA
wsprintfA

advapi32

RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
FreeSid
AllocateAndInitializeSid
EqualSid
RegOpenKeyExA

ole32

CoTaskMemFree
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
StringFromGUID2
CoTaskMemAlloc

msvcrt

_except_handler3
malloc
_initterm
fwrite
fopen
free
strncpy
_XcptFilter
_amsg_exit
_adjust_fdiv
fclose
memmove

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

526de0911518430ee5a688bbb835d6e6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcrt

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 36KB - Virtual size: 68KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 36KB - Virtual size: 68KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB