435099d2f3d2df70ddd6926ef2a05a00_JaffaCakes118

General

Target

435099d2f3d2df70ddd6926ef2a05a00_JaffaCakes118
Size

83KB
MD5

435099d2f3d2df70ddd6926ef2a05a00
SHA1

cc85f632715b58d929b4bde1f180060eada41366
SHA256

ab212e516e75e4729c2e3b8e1cbdde0722ec16c574227b1b7dd02552cf017d79
SHA512

ddf75bb9cd57f57056182a547003895266222323056ac1f1e771a093d4cf86fbe93e96d328192f7415a98e23a8bfb1e31e62683e873c475be03bfff8da4ca813
SSDEEP

1536:QyRYHQvPUCx/4ehpWlEhao4Af47XZWknl9RURj2Z3a87qG7Rg/+:NpPUe/4eXWKha5V1RdZ+/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
435099d2f3d2df70ddd6926ef2a05a00_JaffaCakes118

Files

435099d2f3d2df70ddd6926ef2a05a00_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c9e93b4183039fad9787e0308717bc58

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

win32k.sys

EngCreateDeviceBitmap
EngFreeMem
EngAllocMem
EngDeviceIoControl
EngAssociateSurface
EngCreateDeviceSurface
EngDeleteSurface
EngBitBlt
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
BRUSHOBJ_pvGetRbrush
EngCopyBits
BRUSHOBJ_pvAllocRbrush
EngLockSurface
EngCreateBitmap
EngUnlockSurface
EngQueryPerformanceCounter
EngQueryPerformanceFrequency
EngSecureMem
EngCreateDriverObj
PATHOBJ_vGetBounds
PATHOBJ_bEnum
EngFillPath
PATHOBJ_bEnumClipLines
PATHOBJ_vEnumStartClipLines
EngStrokePath
EngLineTo
EngCreatePalette
EngDeletePalette
PALOBJ_cGetColors
WNDOBJ_bEnum
WNDOBJ_cEnumStart
EngCreateWnd
EngStretchBlt
STROBJ_bEnum
EngTextOut

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 928B - Virtual size: 906B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c9e93b4183039fad9787e0308717bc58

Headers

File Characteristics

Imports

win32k.sys

Sections

.text Size: 77KB - Virtual size: 77KB

.data Size: 3KB - Virtual size: 3KB

INIT Size: 928B - Virtual size: 906B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1000B

.text
Size: 77KB - Virtual size: 77KB

.data
Size: 3KB - Virtual size: 3KB

INIT
Size: 928B - Virtual size: 906B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1000B