42b96321ab8d3296885c353e14aaa1ae_JaffaCakes118

General

Target

42b96321ab8d3296885c353e14aaa1ae_JaffaCakes118
Size

104KB
MD5

42b96321ab8d3296885c353e14aaa1ae
SHA1

9de36d189ef32d283a1ea29555bb4fff69e73223
SHA256

6578022e2e1613af0efae0a725f370bde0c00e412b0637aeef79e16b64788b48
SHA512

d62a151ad91b24028d6032caee9d4ad00d18968bf581b59631e12692c039be2ecad8ed646e6de1775b2a343c2d4e3a59bc9435af22283d85e84f4c97095c70cf
SSDEEP

1536:Nh2bkbmcIT/6ZbQfAcF4cpXMc2fOSGzgMxGjC+2G1/yOjHE0KU7ViFiUar:NhjoT/6ZsfAdUXGfxoQje6RjkJTFnar

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42b96321ab8d3296885c353e14aaa1ae_JaffaCakes118

Files

42b96321ab8d3296885c353e14aaa1ae_JaffaCakes118
.dll windows:4 windows x86 arch:x86

796b1ac7041886e7ecbabedd5bef8cf7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u0npcrmj54.s8vt

Imports

kernel32

UnhandledExceptionFilter
GetLocaleInfoA
HeapAlloc
CreateNamedPipeA
GetCPInfo
GetEnvironmentStringsW
UnmapViewOfFile
VirtualQuery
GetModuleHandleA
WaitForMultipleObjects
SetEvent
FreeEnvironmentStringsA
CreateThread
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetModuleFileNameA
GetEnvironmentStrings
GetFileType
GetStartupInfoA
GetCurrentProcessId
CreateMutexW
VirtualProtect
DeleteTimerQueueTimer
GetACP
InterlockedCompareExchange
InterlockedDecrement
ResetEvent
WideCharToMultiByte
InterlockedExchange
lstrcpyW
HeapDestroy
GetOEMCP
OpenProcess
GetTickCount
SetLastError
DisconnectNamedPipe
CreateTimerQueueTimer
RtlUnwind
CreateEventA
IsBadCodePtr
WaitForSingleObject
LCMapStringA
FreeEnvironmentStringsW
GetCurrentThreadId
QueryPerformanceCounter
InitializeCriticalSection
ReleaseMutex
HeapFree
DeleteCriticalSection
IsBadReadPtr
GetLastError
ConnectNamedPipe
GetSystemInfo
MultiByteToWideChar
DuplicateHandle
LoadLibraryA
GetStdHandle
ExitThread
CopyFileA
Sleep
InterlockedExchangeAdd
LeaveCriticalSection

user32

DrawIcon
CreateIconFromResource
wsprintfW
LoadIconA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

ahlcqlax

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

796b1ac7041886e7ecbabedd5bef8cf7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 68KB

.data Size: 15KB - Virtual size: 45KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 662B

.text
Size: 68KB - Virtual size: 68KB

.data
Size: 15KB - Virtual size: 45KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 662B