39c4653955feab84d62627d7b7cd4837_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39c4653955feab84d62627d7b7cd4837_JaffaCakes118
Size

52KB
MD5

39c4653955feab84d62627d7b7cd4837
SHA1

4c0448d3ed233eb5ed3cfc432a43232fd28a1431
SHA256

251d1384f8973b14da97c37768b66bfb7a28c014b6d97ae7ff1c2cf06086a34e
SHA512

83e606d5960475e67a8ce105aab37821324852f9babcb371f3f1b9b62675482ad5a8523d934fa5b79c89708cc77f891561210ccf435e89a002b736d24d334941
SSDEEP

1536:zeP1/iRkWEMAAF6OpCztz+xvsBttSUkgzE/RT6s0Vdmu1kC:o/iivvO6z+x4XSUkkEJ68u1kC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39c4653955feab84d62627d7b7cd4837_JaffaCakes118

Files

39c4653955feab84d62627d7b7cd4837_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3fb492a3d5df9efabec1a3980cb71095

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
CreateThread
lstrcpyA
DisableThreadLibraryCalls
GetLastError
CloseHandle
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingA
GetFileSize
GetCurrentProcess
FreeLibrary
DeviceIoControl
lstrcatW
MultiByteToWideChar
GlobalFree
LoadLibraryExA
GlobalAlloc
GetModuleHandleA
CreateMutexA
LoadLibraryA
lstrcatA
GetWindowsDirectoryA
GetProcAddress
MapViewOfFile
Sleep

user32

GetWindowThreadProcessId
CreateWindowExA
wsprintfA
DefWindowProcA
IsWindow
PostMessageA
GetDesktopWindow
EnumWindows
MessageBoxA
LoadCursorA
UnregisterClassA
RegisterClassExA

advapi32

LookupPrivilegeValueA
OpenProcessToken
DeleteService

msvcrt

strncpy
free
strstr
fopen
printf
fscanf
srand
_strlwr
rand
fclose

psapi

GetModuleFileNameExA

wininet

DeleteUrlCacheEntry

imm32

ImmUnlockIMC
ImmLockIMC

Exports

Exports

CreateProcessNotify
DllCanUnloadNow
DllGetClassObject
ImeConfigure
ImeConversionList
ImeDestroy
ImeEscape
ImeInquire
ImeProcessKey
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
NotifyIME
Setconfig
Setskin

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nobody
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fb492a3d5df9efabec1a3980cb71095

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

psapi

wininet

imm32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 114KB - Virtual size: 114KB

nobody Size: 512B - Virtual size: 8B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 114KB - Virtual size: 114KB

nobody
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB