44a07323490921ce649c4a3ca7c56502_JaffaCakes118

General

Target

44a07323490921ce649c4a3ca7c56502_JaffaCakes118
Size

10KB
MD5

44a07323490921ce649c4a3ca7c56502
SHA1

5bc6fe56d2a565703e59536cf2f60b199656988b
SHA256

132a36d2f54cbe686ea8e4fa4988e7bf51df06912cc8b1b7a89647abc546918c
SHA512

d541f7a57f6241a40f2e2deb4c85be10bca2a3650f39145ad8051ff71fb993d5fa496145a51eb81d3d2479e6f57c3bd8bcaf8ab5dbba3be0318c1db14d4cbc5a
SSDEEP

192:VU50gf3qhiwDiSFIg89Xwn1TRx98L6NIQ+pjtKHdxf2vc:6vf2v11xv6Q+pjtof3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44a07323490921ce649c4a3ca7c56502_JaffaCakes118

Files

44a07323490921ce649c4a3ca7c56502_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8fe985b8a2be2a708a04ad3906151450

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
CreateEventA
WaitForSingleObject
lstrlenA
CreateThread
CreateProcessA
CopyFileA
lstrcpyA
lstrcatA
MoveFileExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetSystemDirectoryA
SetEvent
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateMutexA
GetLastError
GetShortPathNameA
SetPriorityClass
GetCurrentProcess
SetThreadPriority
GetCurrentThread
ResumeThread
GetProcessHeap
HeapFree
GetFileSize
HeapAlloc
ReadFile
OpenProcess
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
CreateRemoteThread
ReadProcessMemory
Sleep
CloseHandle
CreateFileA
GetModuleFileNameA
GetEnvironmentVariableA
GetSystemTime

user32

FindWindowA

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

EvtShutdown
EvtStartup
inst
run

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fe985b8a2be2a708a04ad3906151450

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 616B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 616B