620fd326770212dc04bf0e0e08827547_JaffaCakes118

General

Target

620fd326770212dc04bf0e0e08827547_JaffaCakes118
Size

9KB
MD5

620fd326770212dc04bf0e0e08827547
SHA1

9a43a7c9a98983262035ceb35aea27615ea9e345
SHA256

76c78a13e4e1718a9bec57a1e042ff7886127f8ab6772476fc43c96e41b1d45b
SHA512

92c16281d1414a2b2ec54e540a298b67d23383281f0a05c697b2f414ee9af6b8f87203eaefd44158ac331fedebb01007ca2f39a7632c45780da550046abdefb1
SSDEEP

192:CTsp6nrx0MOH0fHlZTnDZbXpcsWGGYWRHb:YssrZGGvXZRWGGYWRH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
620fd326770212dc04bf0e0e08827547_JaffaCakes118

Files

620fd326770212dc04bf0e0e08827547_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c878074d1c0867ff7e0d15d7f432ff87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

rasadhlp.pdb

Imports

msvcrt

malloc
free
_initterm
_adjust_fdiv
_strlwr

ntdll

NtCreateFile
RtlInitUnicodeString
NtDeviceIoControlFile

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
LocalFree
GetProcAddress
GetCurrentThreadId
WaitForSingleObject
CloseHandle
CreateEventW
GetLastError
LocalAlloc
WideCharToMultiByte
FreeLibrary
LoadLibraryW

ws2_32

inet_addr

Exports

Exports

AcsHlpAttemptConnection
AcsHlpNbConnection
AcsHlpNoteNewConnection
WSAttemptAutodialAddr
WSAttemptAutodialName
WSNoteSuccessfulHostentLookup

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.texc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c878074d1c0867ff7e0d15d7f432ff87

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

advapi32

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.texc Size: 2KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.texc
Size: 2KB - Virtual size: 4KB