31798ea69d6c3365aecda24fadfb06e8_JaffaCakes118

General

Target

31798ea69d6c3365aecda24fadfb06e8_JaffaCakes118
Size

47KB
MD5

31798ea69d6c3365aecda24fadfb06e8
SHA1

65d847bf7533ae6579aa7c29324964c402d0586e
SHA256

977e48eb1cae9c909864421673b7f6dbdc546b54180cf89e3978b799f25c9c03
SHA512

6da50c0f5f3412e1455f1a9f1026a1aadaf2ca69f6c88eabf11f271a33ebcd5a9d737728fbbbd718cde8c8be00b63385fd9d563238ac0f7c133b2a2976094280
SSDEEP

768:E1RxtTn6b+d8vSrFdiYRVe6rZfxZ01O1ZIi6WayRtvTr2BLtxyb7PBR:gZTnu+d8vSrFTVeQxxZ2EV6WayRNHetM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31798ea69d6c3365aecda24fadfb06e8_JaffaCakes118

Files

31798ea69d6c3365aecda24fadfb06e8_JaffaCakes118
.dll windows:8 windows x86 arch:x86

4c13ffb7be8a9882da08fa98811aac4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dot3code

PickIconDlg
SdbFindFirstMsiPackage_Str
ShimDumpCache
ILClone
ImmNotifyIME
ImmGetDescriptionA
ILCloneFirst
DragQueryFile
DragQueryFileA
ImmIsIME
RegenerateUserEnvironment
ImmLockIMC
SdbDeletePermLayerKeys
ImmSetOpenStatus
PifMgr_OpenProperties
ImmGetProperty
SdbQueryApphelpInformation
ImmDisableIme
ImmWINNLSGetIMEHotkey
ILFree
ImmTranslateMessage
ImmReSizeIMCC
DllCanUnloadNow
ImmSetActiveContext
CtfImmTIMActivate

kernel32

lstrcatA
GetCurrentProcess
MapViewOfFile
GetSystemTime
SetEnvironmentVariableA
CreateFileA
WriteFile
HeapQueryInformation
SetThreadLocale
TryEnterCriticalSection
UnmapViewOfFile
ConnectNamedPipe
GetEnvironmentStringsA
SetFilePointer
ReadFile
GetFileTime
WaitForMultipleObjects
FreeEnvironmentStringsA
CreateFileMappingA
EnterCriticalSection
GetSystemTimeAdjustment
InitializeCriticalSection
GetSystemInfo
lstrcpynA
LocalAlloc
OpenThread
GetProcessHeaps
LeaveCriticalSection
GetModuleHandleA
DeleteFileA
CreateIoCompletionPort
GetNamedPipeHandleStateA
GetThreadContext
WriteFileEx

Exports

Exports

CreateProcessNotify
shutsort

Sections

.text
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c13ffb7be8a9882da08fa98811aac4b

Headers

File Characteristics

Imports

dot3code

kernel32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 35KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB