472b790e5f3037b4e3fa31b2fb4da440_JaffaCakes118

General

Target

472b790e5f3037b4e3fa31b2fb4da440_JaffaCakes118
Size

76KB
MD5

472b790e5f3037b4e3fa31b2fb4da440
SHA1

fe7841bde55d7ed475bc2ceb3eb0a23a9b22bf55
SHA256

126308c7e87521a4c3819203b4433fad062aff8bf4b2b10a7f8a3974a0b86d08
SHA512

37f602cb44fea5ea0bc6755853e24a187d15c4ef04fc89163e0eb88dd3d030a8dd743451af7fa6394959275cc7edfbb5cbc495d9a8515c10e9c00af054ebc2e7
SSDEEP

1536:iUcgZQr4maCzDjYqnoDQvkGYhTBqoJUdFief/NAaPqfVC:rcga1Dkqno8vkGxFAOqd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
472b790e5f3037b4e3fa31b2fb4da440_JaffaCakes118

Files

472b790e5f3037b4e3fa31b2fb4da440_JaffaCakes118
.dll .js windows:4 windows x86 arch:x86 polyglot

e63b1a1e31ed2374ce117d40e4e4c269

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strchr
RtlTimeToSecondsSince1970
NtQuerySystemTime
sscanf
_itoa
RtlImageDirectoryEntryToData
atol
RtlAdjustPrivilege
strncpy
tolower
_snwprintf
strcat
RtlComputeCrc32
memset
strncmp
vsprintf
strcmp
wcsstr
wcslen
_snprintf
atoi
_memicmp
memcpy
memcmp
strlen
_aullrem

kernel32

FindFirstFileA
InterlockedExchange
LocalAlloc
CreateMutexA
GlobalFree
GlobalAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
VirtualProtect
WideCharToMultiByte
GetCommandLineA
ExitProcess
WriteFile
SetFilePointer
GetCurrentProcessId
VirtualFree
VirtualAlloc
InterlockedDecrement
GetTickCount
Sleep
GetLastError
GetModuleHandleA
InterlockedIncrement
WaitForSingleObject
SetEvent
GetCurrentThread
CreateEventA
ResetEvent
CreateThread
TerminateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
OpenProcess
lstrcmpiA
GetModuleFileNameA
DeleteCriticalSection
CloseHandle
FreeLibrary
GetVersionExA
GetProcAddress
FindClose
LoadLibraryA
FindNextFileA
CreateFileA
VirtualQuery
GetCurrentProcess
Process32First
MultiByteToWideChar
Process32Next
CreateToolhelp32Snapshot
RaiseException

Exports

Exports

ImpersonateAsInput
ModuleLoad
ModuleUpdate
SetInputDesktop

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e63b1a1e31ed2374ce117d40e4e4c269

Headers

File Characteristics

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 760B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 760B

.reloc
Size: 4KB - Virtual size: 3KB