3d1ae5c39f43a41dbf607adc3f130e80_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d1ae5c39f43a41dbf607adc3f130e80_JaffaCakes118
Size

37KB
MD5

3d1ae5c39f43a41dbf607adc3f130e80
SHA1

e4f891211bb8c38985d0087345032f3992290131
SHA256

2cb2329b55e53ac710cd505ca6c3b1ea84c3b3f771fd64c5c94671e9f9739ac7
SHA512

fd8d7bdf45f9843eb3bf863e9fe5f562cc32dabc0a79f5579577cd33c4944c45254985b7a0022e5389376348e1e217ced191eeca103efe9192573334a0e78612
SSDEEP

384:pDyIJXqbXaLr+FbxJ27VbzysIgaGqpPkP6ksURdqUHfOwlc8KSnWUiWK1ZcUK6U4:pDJJXqbXaWFbYS/pscaqU2WCUif1ZYcF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d1ae5c39f43a41dbf607adc3f130e80_JaffaCakes118

Files

3d1ae5c39f43a41dbf607adc3f130e80_JaffaCakes118
.dll windows:4 windows x86 arch:x86

db22829e2f118d9e868ecd5852798245

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetFileAttributesA
GetModuleFileNameA
Sleep
WideCharToMultiByte
GetCommandLineA
MultiByteToWideChar
ReadProcessMemory
LoadLibraryA
GetTempPathA
SetThreadPriority
GetFileSize
ReadFile
CreateFileA
GetProcessHeap
VirtualProtect
GetCurrentProcessId
VirtualProtectEx
OpenProcess
GetTickCount
DeviceIoControl
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
InitializeCriticalSection
CloseHandle
WriteProcessMemory
GetModuleHandleA
HeapAlloc
InterlockedExchange
DeleteCriticalSection

msvcrt

wcsncat
wcslen
wcsstr
strrchr
strcat
malloc
_except_handler3
_vsnprintf
isspace
isalnum
atoi
exit
__dllonexit
_onexit
_initterm
_adjust_fdiv
_strcmpi
free
_strlwr
strstr
strlen
mbstowcs
wcscmp
sprintf
strncpy
wcscpy
wcscat
wcsncpy
strchr
strcpy
_stricmp
memcpy
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler

gdiplus

GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

wsock32

shutdown
closesocket

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

user32

wsprintfA
GetForegroundWindow
GetClassNameW
GetWindow

Exports

Exports

DllMoveFile

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db22829e2f118d9e868ecd5852798245

Headers

File Characteristics

Imports

kernel32

msvcrt

gdiplus

gdi32

wsock32

advapi32

user32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB