1b5938ef44fe8dbc3d65755f697cf250_JaffaCakes118

General

Target

1b5938ef44fe8dbc3d65755f697cf250_JaffaCakes118
Size

40KB
MD5

1b5938ef44fe8dbc3d65755f697cf250
SHA1

1fecafab3266191fcd479c9eb41e7e4e2368a818
SHA256

0d3866a480a5d6127ec9c7c1ffbafd31d3c7ed97ab84d6e8c87dba18727a6c61
SHA512

6cd2d6c8103773589ef914632afa6cacea9116a7b987c2f230e5bbd016f6f5350ae47c7ca1e917ef26623eaa53d66a1858cc417c4130cd976053b0e86bc07aa7
SSDEEP

768:GvziXIHLATH06JlYv1AgvpvEj2FR9uPtAy:GbiRTH06JyAgvpJ1at

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b5938ef44fe8dbc3d65755f697cf250_JaffaCakes118

Files

1b5938ef44fe8dbc3d65755f697cf250_JaffaCakes118
.dll windows:4 windows x86 arch:x86

15416375ec4bf455511c802b9fff90a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
CreateThread
GetCurrentProcessId
GetCurrentProcess
UnmapViewOfFile
ExitThread
Sleep
GetProcAddress
LoadLibraryA
GetLastError
OpenFileMappingA
MapViewOfFile
OutputDebugStringA
CloseHandle
GetCommandLineA
GetVersion
HeapFree
ExitProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
RtlUnwind

psapi

GetModuleBaseNameA

Exports

Exports

??4CHookDll@@QAEAAV0@ABV0@@Z
install
uninstall

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15416375ec4bf455511c802b9fff90a7

Headers

File Characteristics

Imports

kernel32

psapi

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB