45e5d83f2184a59ae58c3133a117715d_JaffaCakes118

General

Target

45e5d83f2184a59ae58c3133a117715d_JaffaCakes118
Size

35KB
MD5

45e5d83f2184a59ae58c3133a117715d
SHA1

6d92ef92ef0f4e21f5007e3e5c4511c173058830
SHA256

c225e1fb49956151a783b12653880e44ec0f99a7353af2a4ecd8b5cd23a63b2e
SHA512

bfc774583bb5127dde6b9197052815a0750ae958f9e8426ca1cdc2e0d6171b85d9e56c97b89e16a7615dd4e81391b2ce607ad70c35c84a3e1dd961b6834eafe8
SSDEEP

192:7OwXK7KZsJdEUYss5Omtlu/xZhNvZAAUh1VhwHQbS+WPao5ewCkbkvP6RzbC:7OKsnEosYUkLRAx6Deobu4X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45e5d83f2184a59ae58c3133a117715d_JaffaCakes118

Files

45e5d83f2184a59ae58c3133a117715d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c7df7634bb190ebe8b16d429c96cebbb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetWindowsDirectoryA
GetProcAddress
Sleep
CreateFileA
lstrcatA
ReadFile
GetCurrentProcessId
GetModuleHandleA
LocalAlloc
GetModuleFileNameA
CreateThread
GetPrivateProfileStringA
Module32Next
Module32First
lstrlenW
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
ReadProcessMemory
OpenProcess
VirtualProtectEx
VirtualProtect
WriteProcessMemory
CreateToolhelp32Snapshot
CloseHandle

user32

wsprintfA

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

shlwapi

StrStrIA

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

msvcrt

_strrev
__CxxFrameHandler
_except_handler3
strrchr
_purecall
isprint
strncat
strlen
_itoa
strcat
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
strcpy
memset

Exports

Exports

onyecao
onyecaoDrawTextEx
onyecaoEditControl
onyecaoExtTextOut
onyecaoGetCharacterPlacement
onyecaoGetTextExtentExPoint
onyecaoPSMTextOut

Sections

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7df7634bb190ebe8b16d429c96cebbb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

msvcrt

Exports

Exports

Sections

.bss Size: - Virtual size: 16KB

.data Size: 19KB - Virtual size: 18KB

shard Size: 12KB - Virtual size: 11KB

.reloc Size: 3KB - Virtual size: 2KB

.bss
Size: - Virtual size: 16KB

.data
Size: 19KB - Virtual size: 18KB

shard
Size: 12KB - Virtual size: 11KB

.reloc
Size: 3KB - Virtual size: 2KB