394ed0b1931ca4617c20d9e17e954e02_JaffaCakes118

General

Target

394ed0b1931ca4617c20d9e17e954e02_JaffaCakes118
Size

44KB
MD5

394ed0b1931ca4617c20d9e17e954e02
SHA1

17f6a7fa2cb005eb5fbdb7db210a6fa3a9992e21
SHA256

43a715335e7af8ab236f4acd0dd93919af5c82c662dc0b1f63fe996456fd9f87
SHA512

2b98ac87f4a3bdf55832b356773a3891f7291aaa63bfd68355e962785535373a221adb3da864d8fd440473ab204ea93d8c9ecf695ed2ce6f4420ad5a72d1ce41
SSDEEP

768:B5duhYkJjmZAypmGrP8FHPDOcLZu9JS0L5DuYyE3ljX:B5duqkVm8PDOcFu9JOE3lj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
394ed0b1931ca4617c20d9e17e954e02_JaffaCakes118

Files

394ed0b1931ca4617c20d9e17e954e02_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b2ef4a466937b7c97bb2de6a86591eae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
_ftol
malloc
free
memmove
??3@YAXPAX@Z
modf
strtod
tolower
strncpy
strncmp
sprintf
??2@YAPAXI@Z
_stricmp
_strnicmp

kernel32

WritePrivateProfileStringA
LCMapStringA
ReadFile
SetFilePointer
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetPrivateProfileStringA
IsBadReadPtr
HeapFree
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
GetCurrentProcessId
Sleep
GetModuleHandleA
CreateThread
TerminateThread
OpenProcess
CloseHandle
ReadProcessMemory
WideCharToMultiByte

user32

MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetWindowTextA
PeekMessageA
KillTimer
SetTimer
EnumWindows
GetWindowThreadProcessId
GetMessageA

wininet

InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCloseHandle

ntdll

ZwResumeProcess
ZwSuspendProcess

Exports

Exports

DLL�ӿ�
�ӳ��1

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2ef4a466937b7c97bb2de6a86591eae

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

wininet

ntdll

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 49KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 49KB

.reloc
Size: 4KB - Virtual size: 1KB