380b29a024281d0d434c0aad5729d155_JaffaCakes118

General

Target

380b29a024281d0d434c0aad5729d155_JaffaCakes118
Size

32KB
MD5

380b29a024281d0d434c0aad5729d155
SHA1

3f81eba7fbbd491c6197581935e6226e1f56815b
SHA256

b53433216f6a0e18e10742cd1e5e8b9b20fd5925453ec0b53a1e6174ec16a53e
SHA512

30db921099325b2683e91382f01e0791554d892a11a24447e92a27f8f4ed267770e6fadef8747571304c61a2c8e4cd9fb4f48c29f9000143169f3c519ce4bd49
SSDEEP

768:P561DWiwh7DPPTZJwAEDjAnlKWTeJNzhI:PAS7JPlWdI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
380b29a024281d0d434c0aad5729d155_JaffaCakes118

Files

380b29a024281d0d434c0aad5729d155_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b2e413e11110d3f989d205814c4a5e03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
HeapCreate
GetModuleFileNameW
CreateFileW
GetLastError
VirtualAlloc
CloseHandle
HeapReAlloc
GetStringTypeW
MultiByteToWideChar
LCMapStringW
GetTickCount
RtlUnwind
Sleep
HeapFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
lstrlenA
HeapAlloc
HeapSize
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
IsProcessorFeaturePresent

user32

GetWindowRect
GetKeyState
SendMessageA
GetDC
GetWindowTextA
DefWindowProcA
IsWindow
GetWindow
GetShellWindow

gdi32

GetTextMetricsA

avicap32

capCreateCaptureWindowA

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 159KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2e413e11110d3f989d205814c4a5e03

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

avicap32

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 159KB - Virtual size: 162KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 159KB - Virtual size: 162KB

.rsrc
Size: 7KB - Virtual size: 6KB