35b3f4ad55e3cf32784ced7b0e035ebe_JaffaCakes118

General

Target

35b3f4ad55e3cf32784ced7b0e035ebe_JaffaCakes118
Size

170KB
MD5

35b3f4ad55e3cf32784ced7b0e035ebe
SHA1

f368f56b0e3d34005336b7d836e1a6123f2f104c
SHA256

75012d80cb5af703ba75b7a65fa3dd90df132fc3d317b2c5e8ef276f5de2573a
SHA512

f485f9555ecbc841aef609eb7398b3f27d17c503384862127a199b1375c94fdd81de6e96862dabb17ace62f1b6ef34e99fdd7b3739c9224f207e200399f9a4a5
SSDEEP

3072:HIfctYOFrM8HV31e93tNzB2llqLllUj6Y+Qbv10RG/kY4JwN0C5flSVrwmdhDzt5:dYEpM5tNzBXKj6ovqMs5vChoVrJbX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35b3f4ad55e3cf32784ced7b0e035ebe_JaffaCakes118

Files

35b3f4ad55e3cf32784ced7b0e035ebe_JaffaCakes118
.dll windows:4 windows x86 arch:x86

96ca6ad6eefc397d69880b65ad493832

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetACP
IsDBCSLeadByte
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
Sleep
GetProcAddress
GetUserDefaultLCID
MulDiv
GetSystemTimeAsFileTime
VirtualAlloc
VirtualProtect
VirtualQuery
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
GetComputerNameA
GetCurrentProcess
IsBadReadPtr
GetModuleFileNameA

user32

GetMenuContextHelpId
GetWindowRect
IsCharLowerA
GetWindowRgn
GetWindowDC
IsClipboardFormatAvailable
WindowFromDC
GetForegroundWindow
GetAncestor
GetWindow
GetLastActivePopup
GetWindowInfo
GetWindowThreadProcessId
GetGUIThreadInfo
IsWindowVisible
IsZoomed
GetWindowContextHelpId

advapi32

IsValidAcl
AreAnyAccessesGranted

msvcrt

_adjust_fdiv
malloc
_initterm
free
_memicmp
_set_error_mode
memchr
_swab
_CIsinh
_CIfmod
_ultoa
localeconv
_pctype
_isctype
modf
__mb_cur_max
frexp
div
_ltoa
_CIcosh

gdi32

GetROP2
GdiGetBatchLimit
GetStretchBltMode

ole32

CoGetCurrentProcess

shell32

ord524
DuplicateIcon
ord66

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96ca6ad6eefc397d69880b65ad493832

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

gdi32

ole32

shell32

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 69KB - Virtual size: 71KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 69KB - Virtual size: 71KB

.reloc
Size: 3KB - Virtual size: 2KB