59e666221943edace4e1a40801f717eb_JaffaCakes118

General

Target

59e666221943edace4e1a40801f717eb_JaffaCakes118
Size

44KB
MD5

59e666221943edace4e1a40801f717eb
SHA1

4ca6202c5c2f54859d6b6c439093783d86f12747
SHA256

a4ce25fb92591a4aa355b28f9a854490fc821bc1a19e587d19bf9d47b4b1630b
SHA512

4777f6028ff23d5779856600714a3455bf811c45615100ad956503e5473f529266f0ee6b65d5d1c16a4e97b1cb9eeeb6d5d5e8cfb2df333e26b2998dd767fd5b
SSDEEP

768:Qx+d8neg7szGjKbtRJ53FeuF8hQJM4ToUyQz:s+KneMsrtb5tOqoC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59e666221943edace4e1a40801f717eb_JaffaCakes118

Files

59e666221943edace4e1a40801f717eb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4ff0fb7a18877b21e2fd37dc5295776d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
RtlUnwind
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
HeapReAlloc
VirtualAlloc
HeapAlloc
SetFilePointer
GetLastError
WriteFile
DisableThreadLibraryCalls
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetVersion
ExitProcess
CloseHandle

user32

OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxA
CreatePopupMenu
AppendMenuA
DestroyMenu
GetKeyState
InvalidateRect
DefMDIChildProcA

ollydbg.exe

ord4
ord170
ord117
ord79
ord12
ord1
ord49
ord114
ord28
ord100
ord44
ord101
ord38
ord31
ord46
ord113
ord71
ord107
ord87
ord104
ord30
ord2
ord88
ord89

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset
_ODBG_Pluginshortcut

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ff0fb7a18877b21e2fd37dc5295776d

Headers

File Characteristics

Imports

kernel32

user32

ollydbg.exe

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 1KB