447a722fc56b70a1980bf4252f19d6b0_JaffaCakes118

General

Target

447a722fc56b70a1980bf4252f19d6b0_JaffaCakes118
Size

49KB
MD5

447a722fc56b70a1980bf4252f19d6b0
SHA1

603c336580835fd022cc2792c0e0b416d8a0164c
SHA256

d6824c9b44b4fe983879266572a14cc186c41c02f5501693ca274aec12d0ae59
SHA512

2fb59798b36ad8ffc8df5eb4e50d83b37ecc20c67156845e6183352fb25e128cdcdfd0fb59718e26674ffcbddc33e01214c7730fa167be8f046f4962ec070809
SSDEEP

768:3vuAFZaotqdgJKdmTkKmjcz+yjZoebYB2ULQLdkciA+uNIdKCtar:f/Uk6gUmhmjcz5mHL4kcV7IcC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
447a722fc56b70a1980bf4252f19d6b0_JaffaCakes118

Files

447a722fc56b70a1980bf4252f19d6b0_JaffaCakes118
.dll windows:2 windows x86 arch:x86

aec46fd34abf83424c96bc191cc2d3f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
SetThreadPriorityBoost
InterlockedExchangeAdd
IsProcessorFeaturePresent
VirtualQuery
ConnectNamedPipe
CreateFileMappingA
WaitForMultipleObjects
CreateFileA
ReadFile
GetThreadLocale
GetNamedPipeInfo
RtlMoveMemory
WriteFileGather
SetFilePointer
ExitProcess
MapViewOfFileEx
LeaveCriticalSection
UnmapViewOfFile
EnterCriticalSection
SleepEx
SetThreadContext
OpenThread
GetThreadIOPendingFlag
GetSystemTimes
CreateEventA
InitializeCriticalSection

kbdssdba

wcsrchr
ILSaveToStream
wcscpy
isalpha
CtfAImmDeactivate
_ultoa
__iscsym
_aulldvrm
PrintersGetCommand_RunDLLA
_allmul
PathResolve
ImmGetContext
_itow
ImmIsUIMessageA
ImmGetConversionListA
ImmTranslateMessage
_toupper
iscntrl
ILGetNext
_allshl

Exports

Exports

CreateProcessNotify
ati2clip

Sections

.text
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aec46fd34abf83424c96bc191cc2d3f5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

kbdssdba

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 36KB

.rdata Size: 1KB - Virtual size: 4KB

.data Size: 9KB - Virtual size: 12KB

.rsrc Size: 3KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 36KB

.rdata
Size: 1KB - Virtual size: 4KB

.data
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 3KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB