34b8d67b65950f56f33c658f104bf8b5_JaffaCakes118

General

Target

34b8d67b65950f56f33c658f104bf8b5_JaffaCakes118
Size

16KB
MD5

34b8d67b65950f56f33c658f104bf8b5
SHA1

238da71048bacbdcd1cae3463744623a49535045
SHA256

556ad6bfe12ef397485297b603d78a12fd851549fb05c23862c5f83ea47781d8
SHA512

62440e6285344fc2abc9eec85dba8ffbd6083e74e810290cf12de04727eee53ef9baf6b95971a811bc053a493d0c3c68488a1ebf6de9068eb5107e6c12f460f6
SSDEEP

384:TkLtAKZgjYJ4A4AAVQSZydOffV064sdLNm:IJAKZgjKAieWaV064qL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34b8d67b65950f56f33c658f104bf8b5_JaffaCakes118

Files

34b8d67b65950f56f33c658f104bf8b5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

f7fc9d082cedb10adbae15e365e7485d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtAdjustPrivilegesToken
wcstombs
strrchr
RtlCompareMemory
NtOpenProcessToken
NtClose
NtYieldExecution
RtlInitUnicodeString
strstr
mbstowcs
sprintf
_wcsicmp
strchr
_stricmp
memset
memcpy
RtlUnwind

kernel32

CreateProcessA
CreateThread
DeleteFileA
ResumeThread
SuspendThread
GlobalReAlloc
GetCurrentProcessId
CloseHandle
GetVersionExA
GetCurrentThreadId
GetShortPathNameW
CreateToolhelp32Snapshot
VirtualProtect
CreateMutexA
GetModuleHandleA
GetComputerNameA
CreateFileA
PeekNamedPipe
SetErrorMode
FreeLibrary
MoveFileExW
GetCurrentProcess
WaitForSingleObject
SetEvent
ConnectNamedPipe
GetTickCount
WriteFile
InitializeCriticalSection
GlobalAlloc
Thread32First
LoadLibraryW
TerminateThread
Sleep
CreateEventA
LeaveCriticalSection
GetModuleFileNameA
Thread32Next
ReadFile
DisconnectNamedPipe
GetProcAddress
VirtualAlloc
CreateNamedPipeA
EnterCriticalSection
GlobalFree
ResetEvent
LoadLibraryA
OpenThread
OpenMutexA
MoveFileA
OpenEventA

user32

SetWindowsHookExA
CallNextHookEx

Exports

Exports

_
plus

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kdata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7fc9d082cedb10adbae15e365e7485d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 1KB

.kdata Size: 1024B - Virtual size: 624B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

.kdata
Size: 1024B - Virtual size: 624B

.reloc
Size: 1KB - Virtual size: 1KB