4b985bb06041d467dd2a22db26891bb1_JaffaCakes118

General

Target

4b985bb06041d467dd2a22db26891bb1_JaffaCakes118
Size

12KB
MD5

4b985bb06041d467dd2a22db26891bb1
SHA1

6fd318f9cf5a2d9b5729167aeb2ccdb4de576b72
SHA256

811e02bac8e2cb57ffcce442d4527783681e30c440ec4bc1773d5ea5ce44c5aa
SHA512

7b735be7520847148246cbf6e1c710d262a7414f5514027b179109fd7a6b29ed836f7fc499f8e530cdc71dc345a8bfa657ecd7299e625a71e6cb9ba5db3d4db9
SSDEEP

192:NgHLORsnStEO/JW4XVsD6GA6SvkXjRvOKLcOT75X1E4QFEbsh5tOH:NgHxnbXK+b9QFEbozm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b985bb06041d467dd2a22db26891bb1_JaffaCakes118

Files

4b985bb06041d467dd2a22db26891bb1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

043165fa9b0e42fef3f4754ca5246e38

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Process32First
CreateToolhelp32Snapshot
WriteProcessMemory
WideCharToMultiByte
lstrlenA
RtlZeroMemory
lstrlenW
Module32Next
Module32First
GetWindowsDirectoryA
lstrcmpiA
lstrcatA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
VirtualAllocEx
FindClose
FindNextFileA
FindFirstFileA
Process32Next
FreeLibrary
GetCurrentThreadId
DeleteFileA
OpenEventA
SetEvent
LoadLibraryA
CreateMutexA
ReleaseMutex
OpenProcess
GetLastError
RtlFillMemory
lstrcpyA
GetCurrentProcessId
Sleep
lstrcmpA
GetModuleFileNameA
CreateThread
CloseHandle

user32

GetMessageA
PostThreadMessageA
GetWindowThreadProcessId
UnhookWindowsHookEx
EnumWindows
SetWindowsHookExA
wsprintfA
CallNextHookEx

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken

shlwapi

PathFileExistsA
StrStrIA

msvcrt

strcat
strcpy
strrchr

Exports

Exports

COMResModuleInstance
adn
asWarEsR
comonbabyouyes
comonbabyouyesDrawTextEx
comonbabyouyesEditControl
comonbabyouyesExtTextOut
comonbabyouyesGetCharacterPlacement
comonbabyouyesGetTextExtentExPoint
comonbabyouyesPSMTextOut
dna
dns
ini
sWarEsR
tni

Sections

.bss
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

043165fa9b0e42fef3f4754ca5246e38

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

Exports

Exports

Sections

.bss Size: - Virtual size: 67KB

.data Size: 8KB - Virtual size: 8KB

shard Size: 512B - Virtual size: 268B

.reloc Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 67KB

.data
Size: 8KB - Virtual size: 8KB

shard
Size: 512B - Virtual size: 268B

.reloc
Size: 2KB - Virtual size: 2KB