340c384a08e4e9ada902d7de9a1e77d5_JaffaCakes118

General

Target

340c384a08e4e9ada902d7de9a1e77d5_JaffaCakes118
Size

110KB
MD5

340c384a08e4e9ada902d7de9a1e77d5
SHA1

56f9331ca52d59732af1cd94eba58490577f7620
SHA256

1bf8a7a2f55b7d4656d1f4656fbf116606504604f39c32070a3371e62567475e
SHA512

8fa21d1f8617ed53656092b5931ddd1fde32fe72eb74781f8631bbdd0e170ffa69689b2b54e9908d768045a133fd94eeca7be667af4b9aba14f85c2203ae4150
SSDEEP

1536:tIBrqlUXG1+dLuOtecgcfw3g074/ncK0bOQ1ckWDUMUqMv22itypi5/Yls3TfSB:GBkUW1+5Ecf+gXb0bL1JWoMFbyPlAaB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
340c384a08e4e9ada902d7de9a1e77d5_JaffaCakes118

Files

340c384a08e4e9ada902d7de9a1e77d5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ac3d2d726818ec7749c821e9ab922181

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_vsnprintf
tolower
_except_handler3
_stricmp
malloc
printf
exit
wcsstr
wcscpy
wcsncat
wcslen
time
srand
rand
mbstowcs
fopen
fseek
ftell
fclose
wcscmp
free
sprintf
strcpy
strrchr
strcat
strchr
memset
strncpy
strstr
strlen
atoi
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
_strcmpi
_strupr

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC
CreateDCA

kernel32

SetThreadContext
Thread32Next
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
FlushInstructionCache
InitializeCriticalSection
AddVectoredExceptionHandler
GetModuleHandleA
SetFilePointer
CreateFileA
GetFileSize
ReadFile
GetThreadContext
VirtualQueryEx
ReadProcessMemory
GetFileAttributesW
CloseHandle
GetTempPathA
GetProcAddress
FreeLibrary
IsBadReadPtr
GetCurrentProcessId
OpenProcess
TerminateProcess
GetCurrentProcess
DeleteFileA
OpenThread
Thread32First
CreateToolhelp32Snapshot
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
FindFirstFileA
HeapAlloc
GetProcessHeap
Sleep
GetCommandLineA
LoadLibraryA
FindClose
FindNextFileA
GetModuleFileNameA

user32

GetWindowRect
GetWindow
GetClassNameW
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA
GetDC

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ac3d2d726818ec7749c821e9ab922181

Headers

File Characteristics

Imports

msvcrt

gdi32

kernel32

user32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB