5a9bcce60dce9ce4754a4d76ea37e3ac_JaffaCakes118

General

Target

5a9bcce60dce9ce4754a4d76ea37e3ac_JaffaCakes118
Size

44KB
MD5

5a9bcce60dce9ce4754a4d76ea37e3ac
SHA1

2f547e31c2dff4d8eaa79d07b2855724eec026a2
SHA256

9628e88144a89d4bb9093946fcf708224c151a2a2624ebc2ea69af0d4bb547d0
SHA512

d37e12b563813ccb31c7709fa18adce63347046279b1fef7994421f2306093d3e5feda90acc5d5fa8d1eb7dba5957b8477a3852bccd501baa61021ddfa6c3053
SSDEEP

384:eyu142rxaHTl/SZaeRZqTAbLBdwQPXfvp8YtDxKmlN/SUlyY3fawZxuN+cAZoUr8:jl/i/R4TIBK4PvpbtDFVlvZxVZoUrnX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a9bcce60dce9ce4754a4d76ea37e3ac_JaffaCakes118

Files

5a9bcce60dce9ce4754a4d76ea37e3ac_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e61f2f894125bb9afbf614ac34b38d66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
RtlUnwind
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc

user32

wsprintfA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
InvalidateRect
MessageBoxA

ollydbg.exe

ord88
ord101
ord44
ord38
ord31
ord12
ord1
ord49
ord46
ord114
ord30
ord28
ord2

Exports

Exports

_ODBG_Pluginaction
_ODBG_Pluginclose
_ODBG_Plugindata
_ODBG_Plugindestroy
_ODBG_Plugininit
_ODBG_Pluginmainloop
_ODBG_Pluginmenu
_ODBG_Pluginreset

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e61f2f894125bb9afbf614ac34b38d66

Headers

File Characteristics

Imports

kernel32

user32

ollydbg.exe

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 3KB