2c3afc5b3c3a54290c478f645fd90364_JaffaCakes118

General

Target

2c3afc5b3c3a54290c478f645fd90364_JaffaCakes118
Size

25KB
MD5

2c3afc5b3c3a54290c478f645fd90364
SHA1

76960938b392dbbbcb405a141367e7196dff09db
SHA256

5308e1abfb01f4353b32403cb2c7f89116c42b19d0edfd27e426ee3cc56c317f
SHA512

d579cdee22134e756a52f4e03b24825e41b4c697b26d12fd3483e9e130ab3b31a3fe6bf94e32aaf01f7e74fe0488c5fa460d3e0c392189fa954040ac45cdc8fa
SSDEEP

384:EW5/p9P4FLcryiy2emca/QzFvdDh67OD7NFTLFIVDcW6GGKHBWYZyCYyk:EW5/pR4Sr5caIhvdDQ2QDn6cBtZS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c3afc5b3c3a54290c478f645fd90364_JaffaCakes118

Files

2c3afc5b3c3a54290c478f645fd90364_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dad3e32f5edd57f197ad3a8b5b278262

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateMutexA
GetCurrentProcessId
CreateThread
GetProcAddress
VirtualAlloc
ReadProcessMemory
GlobalLock
GlobalAlloc
CreateProcessA
GetModuleFileNameA
GetPrivateProfileStringA
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalUnlock
IsBadReadPtr
SetFilePointer
InitializeCriticalSection
VirtualProtectEx
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
SetThreadContext
OpenThread
SetUnhandledExceptionFilter
GetCommandLineA
GetCurrentThreadId
ReadFile
DeleteFileA
GetTempPathA
CreateFileA
WriteFile
CloseHandle
VirtualProtect
GetModuleHandleA
GetCurrentProcess
TerminateProcess
TerminateThread
ExitProcess
Sleep

user32

SetWindowsHookExA
GetWindowThreadProcessId
FindWindowA
CallNextHookEx
GetWindowTextA

msvcrt

_strupr
_stricmp
_strlwr
_strcmpi
__CxxFrameHandler
strcpy
sprintf
strlen
memcpy
strcat
memset
??2@YAPAXI@Z
atoi
??3@YAXPAX@Z
strstr
strncpy
strchr
fclose
fread
fopen
strcmp
wcslen
strrchr

Exports

Exports

kkk
lll

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dad3e32f5edd57f197ad3a8b5b278262

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 13KB

sdt Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 13KB

sdt
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 2KB