22c7e4325f5b9c4a2f8554a19370087d_JaffaCakes118

General

Target

22c7e4325f5b9c4a2f8554a19370087d_JaffaCakes118
Size

109KB
MD5

22c7e4325f5b9c4a2f8554a19370087d
SHA1

faab2df8bd3d23047a277b1130aa0354b81f36e0
SHA256

1a1a0d28c03cbef5ee6ec5a04f7e0f5f9f574bcc5a145b89b47521faf273b9b5
SHA512

be5aa900545a1e95d7cf9dfb4ffb99ee5ef35daac835c870fbcb84eff144b1372f49a4d758304d3696956285d4716e5117e3decdaf9f3d4c75ac7a74f9f79710
SSDEEP

3072:iqhEEn0bIVsOCBj6U0i3g8bi8ZTRAtZGF0Ys8F:iqhtcOsfKc9ZTmtZQ0lm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22c7e4325f5b9c4a2f8554a19370087d_JaffaCakes118

Files

22c7e4325f5b9c4a2f8554a19370087d_JaffaCakes118
.exe windows:2 windows x86 arch:x86

c404968afb1b01879f116de0206efb46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avicscli

ILLoadFromStream
ImmLockClientImc
ImmSetCompositionStringA
ImmInstallIMEA
ImmIsUIMessageA
Options_RunDLLA
ImmGetCompositionFontA
PrintersGetCommand_RunDLL
SdbFindNextTagRef
ImmRegisterWordA
SdbGetTagDataSize
ImmGetRegisterWordStyleA
ImmGetAppCompatFlags
DllUnregisterServer
PathMakeUniqueName
ImmCallImeConsoleIME
ImmAssociateContextEx
SdbFindNextTag
PathProcessCommand
SdbReadQWORDTag
CDefFolderMenu_Create
ImmDisableIME
SdbOpenDatabase
SdbGetPermLayerKeys
CtfImmIsGuidMapEnable
ImmGetGuideLineA

kernel32

GetSystemTime
OpenThread
HeapDestroy
HeapAlloc
GetProcessHeap
FileTimeToLocalFileTime
GetCurrentProcessId
UnmapViewOfFile
HeapQueryInformation
ReadFile
TerminateThread
SetThreadLocale
CopyFileA
LocalAlloc
GetModuleHandleA
HeapFree
LeaveCriticalSection
SleepEx
InitializeCriticalSection
EnterCriticalSection
HeapQueryInformation
GetProcessHeaps
SetFilePointer
GetFileTime
SetThreadPriorityBoost
TryEnterCriticalSection
CreateFileMappingA
GetSystemTimes
GetSystemInfo
CreateFileA
MapViewOfFile
WaitForMultipleObjects
HeapCreate

Sections

.text
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c404968afb1b01879f116de0206efb46

Headers

DLL Characteristics

File Characteristics

Imports

avicscli

kernel32

Sections

.text Size: 85KB - Virtual size: 88KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 19KB - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 4KB

.text
Size: 85KB - Virtual size: 88KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 4KB