1b485109f94d48685302aa3549e20203_JaffaCakes118

General

Target

1b485109f94d48685302aa3549e20203_JaffaCakes118
Size

99KB
MD5

1b485109f94d48685302aa3549e20203
SHA1

e952c7ab625534d3816302bd1f20a823b25e3fb0
SHA256

d4f10ac07faba915cf4da68f9a2f65822a7d272ca2d0eeaaf0436494bc104332
SHA512

a16d0e3ffcd9abd9bf430d8565edc55ba24b7adc781a3408b9efa0547f7378beeb5a7efa90f52f3bba835169b1ba4d690e331e8fa7d3a6d28142847f07f38738
SSDEEP

1536:SpyHReQQmcv9ZsOlVrjwEUTrQjJpddEatAY0YW:SpyHReQQXeSVXXd7t90YW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b485109f94d48685302aa3549e20203_JaffaCakes118

Files

1b485109f94d48685302aa3549e20203_JaffaCakes118
.dll windows:4 windows x86 arch:x86

76aabe71eca9cead95110e0960f39002

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
CreateThread
SetFileAttributesA
GetModuleFileNameA
GetLastError
CloseHandle
ReleaseMutex
OpenMutexA
WinExec
GetProcAddress
LoadLibraryA
GetTempPathA
WaitForSingleObject
lstrlenA
lstrcpyA
lstrcmpiA
SetLastError
lstrcatA
GetFileAttributesA
DeleteFileA
GetSystemDirectoryA
HeapFree
HeapAlloc
CreateFileA
GlobalMemoryStatusEx
GetComputerNameA
GetLocaleInfoW
GetTickCount
ExitThread
TerminateProcess
CreateProcessA
DeviceIoControl
ExitProcess
GetCurrentProcess
HeapReAlloc
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetExitCodeProcess
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetFilePointer
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
SetStdHandle
SetEndOfFile
ReadFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
FreeLibrary
LocalAlloc
InterlockedExchange

Exports

Exports

Install
StartRouter

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76aabe71eca9cead95110e0960f39002

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 76KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 77KB - Virtual size: 76KB

.reloc
Size: 5KB - Virtual size: 5KB