21a1349d25cb3efda482d0f6b9b3dfc7_JaffaCakes118

General

Target

21a1349d25cb3efda482d0f6b9b3dfc7_JaffaCakes118
Size

244KB
MD5

21a1349d25cb3efda482d0f6b9b3dfc7
SHA1

fcf830e7eb2381935fb9cd401a813918ea850aa8
SHA256

de3a31f5520603a049f58033b01b226634fc1ce5fdf104c99e45019c115ebf60
SHA512

2db2706ee2f86ba731f45b3ed136b71c6049940ef791dd25e8bcbec98ba8c27818a85a1e95b15630ab26ee5883f574d6ff8141b3bb8e0e51da443f233edb436b
SSDEEP

6144:auKAzDMVY5DlfGpKGid+monxrQ3bgQRGmCb:au8VYnfGpKTcjxrQsQRd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21a1349d25cb3efda482d0f6b9b3dfc7_JaffaCakes118

Files

21a1349d25cb3efda482d0f6b9b3dfc7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

511d35c6291630b284852735ff446739

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

PropertySheetA

ntdll

RtlDestroyEnvironment
RtlInitString

ole32

CoGetClassVersion
CoRegisterMallocSpy
CoTaskMemRealloc
OleCreateLinkToFile
StgCreateDocfile
CLSIDFromProgIDEx

advapi32

RegDeleteKeyA

imm32

ImmReleaseContext
ImmGetVirtualKey
ImmGetCompositionFontW
ImmEnumInputContext
ImmUnregisterWordA
ImmIsIME
ImmReSizeIMCC

oleaut32

VarDecNeg
VarDateFromDec
VarCyFromDec
SysStringLen
SafeArrayGetElemsize
VariantCopyInd

kernel32

IsBadReadPtr
InitializeCriticalSection
IsBadWritePtr
HeapAlloc
GlobalLock
GetVersionExA
GetTapeParameters
LocalReAlloc
Module32FirstW
ReadFileEx
ReplaceFileW
SetFileAttributesW
UnmapViewOfFile
VirtualProtectEx
lstrcatW
lstrlenA
HeapCreate
GetModuleHandleA
GetFileSizeEx
GetDateFormatA
GetCommandLineA
GetCommConfig
GetBinaryTypeA
AddConsoleAliasW
CompareFileTime
CreateJobObjectW
EnumDateFormatsExA
EnumDateFormatsExW
ExitProcess
ExpandEnvironmentStringsW
FindFirstVolumeMountPointW

Exports

Exports

AudioGUIConfigureItem
BindSurfaceToArray
DAE
EnumIIMInfoReset
EnumImageItemReset
GetBaseImageDataPropertyCount
GetCustomFunctionSettingCount
GetDevSplineArray
GetLocalizedWaitCDTexts

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

511d35c6291630b284852735ff446739

Headers

File Characteristics

Imports

comctl32

ntdll

ole32

advapi32

imm32

oleaut32

kernel32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 160KB

.data Size: 72KB - Virtual size: 116KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 160KB - Virtual size: 160KB

.data
Size: 72KB - Virtual size: 116KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB