189f3f22ac8096633902844fb3de7688_JaffaCakes118

General

Target

189f3f22ac8096633902844fb3de7688_JaffaCakes118
Size

31KB
MD5

189f3f22ac8096633902844fb3de7688
SHA1

443006012ec7f8d63a70b5888ae8ebb372cc0416
SHA256

dc0d40968b63eb7c9a08e9c3c70dd28f25876f512f4b1cdd1198e5595f1253cb
SHA512

7ef567d3763dccabad81ac736d9d0637dc9778d209f8f94e2f8639125f6a4f3ec6da1ad151acd1b704273885f410d36776bca7da21d42481d77c0c60ee4bad54
SSDEEP

192:yjK7eyVONO93KV3xR3HYsTkrBAHIKZF74RQy4msd4QdwQHlAqeiPPTX6H:y/Yn93yR33IlAX6kGQd3XFPOH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
189f3f22ac8096633902844fb3de7688_JaffaCakes118

Files

189f3f22ac8096633902844fb3de7688_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b05418bb1961ba16a0eaabfaa7ad4048

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
Module32Next
Module32First
lstrcpyA
GetWindowsDirectoryA
CreateFileA
lstrcatA
ReadFile
LocalAlloc
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
OpenProcess
VirtualProtect
VirtualProtectEx
WriteProcessMemory
CreateToolhelp32Snapshot
WritePrivateProfileStringA
IsBadStringPtrA
Sleep
GetCurrentDirectoryA
GetPrivateProfileStringA
GetCurrentProcessId
GetTempPathA
CreateThread
CloseHandle

user32

GetWindowThreadProcessId
EnumWindows
wsprintfA

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

shlwapi

StrStrIA

msvcrt

_itoa
_except_handler3
strrchr
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
strcat
strlen
strcpy
memset
memcpy
strstr
strncat
isprint
_purecall

wininet

InternetOpenA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

Exports

Exports

comonbabyouyesDrawTextEx
comonbabyouyesEditControl
comonbabyouyesExtTextOut
comonbabyouyesGetCharacterPlacement
comonbabyouyesGetTextExtentExPoint
comonbabyouyesPSMTextOut

Sections

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b05418bb1961ba16a0eaabfaa7ad4048

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

wininet

Exports

Exports

Sections

.bss Size: - Virtual size: 16KB

.data Size: 16KB - Virtual size: 15KB

shard Size: 12KB - Virtual size: 11KB

.reloc Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 15KB

shard
Size: 12KB - Virtual size: 11KB

.reloc
Size: 2KB - Virtual size: 2KB