279f4702de28ca6615d92d98a7b59cd5_JaffaCakes118

General

Target

279f4702de28ca6615d92d98a7b59cd5_JaffaCakes118
Size

248KB
MD5

279f4702de28ca6615d92d98a7b59cd5
SHA1

fc5f9f504ffd8ffc0866a49b512293241c1efa96
SHA256

6576d6d8e0527cdd2b5971a53ed1727f931b5585744f02f203954a0fdfd3a185
SHA512

887f48221fd1e7d07024e6a7629dd3b8c17840bc719ae5d0e52f553969b66fa029202a0473f230a190e08c61271a294dd527d4e324dfb1b21a97fbaee8cfc4b4
SSDEEP

768:JljRgsh14J5lqVSWO4QpdpX7ybpoBoVffmDAbmBBQARQkEmMXvP1:zjRgshCA5mDAbmBBQARUmM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
279f4702de28ca6615d92d98a7b59cd5_JaffaCakes118

Files

279f4702de28ca6615d92d98a7b59cd5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a0237f292d0295c0123562518de07413

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

memcpy
isdigit
_strupr
_snprintf
RtlZeroMemory
RtlUnwind
ZwQuerySystemInformation
memcmp
strlen
strstr

kernel32

CreateFileA
WideCharToMultiByte
VirtualProtectEx
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
SuspendThread
ReadFile
OpenThread
lstrcpynA
CloseHandle
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
GlobalFree
LeaveCriticalSection
LoadLibraryA
Sleep
SystemTimeToFileTime
TerminateThread
WaitForSingleObject
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA
IsBadReadPtr
WritePrivateProfileStringA
MoveFileExA
CreateFileMappingA
CreateProcessA
DeleteFileA
GetCurrentProcessId
GetExitCodeThread
GetFileSize
GetLastError
GetStartupInfoA
GetTempFileNameA
GetTempPathA
MapViewOfFile
WriteFile

user32

wsprintfA
GetWindowThreadProcessId
KillTimer
RegisterWindowMessageA
SendMessageA
SetTimer
UnhookWindowsHookEx

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0237f292d0295c0123562518de07413

Headers

File Characteristics

Imports

ntdll

kernel32

user32

Sections

.text Size: 232KB - Virtual size: 230KB

.bss Size: - Virtual size: 12B

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 232KB - Virtual size: 230KB

.bss
Size: - Virtual size: 12B

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB