615d6c503d7669d31bdb51baff264f0f_JaffaCakes118

General

Target

615d6c503d7669d31bdb51baff264f0f_JaffaCakes118
Size

92KB
MD5

615d6c503d7669d31bdb51baff264f0f
SHA1

9c8a4c3725b0b83653d251c04ea0102d1de4adf4
SHA256

2170709ed4956e7edf5c070ee11927b1adb2dc34703208230c2eb0e7b4480c38
SHA512

34d0f87e834fb57debb5262f6ef475cceb1c923d85d058c281d96ad5dfd04a98774701912318f45957469b700fdc0ae0f90ef1ecc01c1628170e8eb8a1d1d864
SSDEEP

1536:iI12A93EScIR5Av46uTXdoUpIV0YxowlyZyOL:l12AtEScIp65XVHxoL8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
615d6c503d7669d31bdb51baff264f0f_JaffaCakes118

Files

615d6c503d7669d31bdb51baff264f0f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6eb2854ff672839f55ae7c373075458d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadProcessMemory
GetCurrentProcess
VirtualProtect
IsBadWritePtr
VirtualProtectEx
GetModuleHandleA
WriteProcessMemory
lstrcmpA
Sleep
LCMapStringW
LCMapStringA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCommandLineA
GetVersion
RtlUnwind
RaiseException
HeapFree
ExitProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ReadFile
GetStringTypeA
GetStringTypeW

user32

PostMessageA
MessageBeep
GetAsyncKeyState
FindWindowA
SetWindowTextA
CallNextHookEx

Exports

Exports

QProc
SetGlobalHookHandle

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6eb2854ff672839f55ae7c373075458d

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 14KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 14KB

.reloc
Size: 8KB - Virtual size: 7KB