20ee5007ad7735bc82709248bc3a1ae2_JaffaCakes118

General

Target

20ee5007ad7735bc82709248bc3a1ae2_JaffaCakes118
Size

24KB
MD5

20ee5007ad7735bc82709248bc3a1ae2
SHA1

b4191540cb88ca889108878147b62e6cd1c69c12
SHA256

fa1528a47397b9018b075355c6a4eb21edf644d0c3592ec31058bd3af611aa30
SHA512

669bdb17d95d04e2c20ccd55037de4f84516a8ababc50f96e08589f178ebe7e8a87342e74343b0390821d4952210c75170ab4477526ea9c0bbde4516c44cc252
SSDEEP

384:CCKBzB4RW1bmtpWCQW5ZZSb2xwhGFclyU9qxtacbSLEuQnG6ixdqoq7ZxE9TB6t:0BzBeW1A3ZNxwh/YxTeLrP6ixd9pB6t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20ee5007ad7735bc82709248bc3a1ae2_JaffaCakes118

Files

20ee5007ad7735bc82709248bc3a1ae2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2e029a19091355346e099ec255af4807

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetTempPathA
GetPrivateProfileIntA
GetCurrentProcess
TerminateProcess
OpenProcess
Sleep
WriteFile
WritePrivateProfileStringA
TerminateThread
GetFileAttributesW
ReadProcessMemory
VirtualQueryEx
WideCharToMultiByte
GetLastError
FindClose
FindFirstFileA
SetFilePointer
GetModuleHandleA
GetModuleFileNameA
HeapAlloc
GetProcessHeap
GetFileSize
ReadFile
CloseHandle
DeleteFileA
lstrcpynA
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
OutputDebugStringA
CreateThread

user32

wsprintfA
GetWindow
GetClassNameW

wininet

InternetCloseHandle

msvcrt

free
strcpy
memset
malloc
strcat
sprintf
strlen
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
mbstowcs
memcpy
strrchr
strncpy
strstr
_except_handler3
wcslen
wcsncat
wcscpy
wcsstr
exit
printf
_local_unwind2
_stricmp
strcmp
_vsnprintf
_itoa
_strupr
_strcmpi

iphlpapi

GetAdaptersInfo

gdiplus

GdipGetImageEncoders
GdipDisposeImage
GdiplusStartup
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile

gdi32

CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteDC

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e029a19091355346e099ec255af4807

Headers

File Characteristics

Imports

kernel32

user32

wininet

msvcrt

iphlpapi

gdiplus

gdi32

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB