6917e1665ad4c5cfcf34ba2209c5dad7_JaffaCakes118

General

Target

6917e1665ad4c5cfcf34ba2209c5dad7_JaffaCakes118
Size

240KB
MD5

6917e1665ad4c5cfcf34ba2209c5dad7
SHA1

f5881f8718ec60bd4c51e428277bf12a69d012c4
SHA256

409c676d2d59cea4197d25f01ea460c50f1cd1e29cf607eb18a7131357414193
SHA512

4cf1d355dce18712f818a7741b94ec98b9370aa62ceee5856fe03337662004f869bb61480c53002db5837f89dd5b15d05e0f8a8a7636bc8266a6c64d75c7833e
SSDEEP

6144:HwVimh6IVaR9YVWKIsgMlp71ZpCDRPEsh:HwViKVaRKgpRxh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6917e1665ad4c5cfcf34ba2209c5dad7_JaffaCakes118

Files

6917e1665ad4c5cfcf34ba2209c5dad7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8c63d9231f6933c49eab7eafb5b82ae7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

memmove
malloc
realloc
free
isspace
isupper
_adjust_fdiv
_except_handler3
??3@YAXPAX@Z
__dllonexit
_onexit
tolower
_mbctype
isdigit
strncmp
atol
_stricmp
_findclose
_findnext
_findfirst
atoi
strchr
strtol
strncpy
_strnicmp
strtok
__CxxFrameHandler
rename
strrchr
sprintf
??2@YAPAXI@Z
printf
_purecall
_vsnprintf
_initterm
?terminate@@YAXXZ
_strlwr

kernel32

DisableThreadLibraryCalls
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetDriveTypeA
UnmapViewOfFile
MapViewOfFile
IsBadReadPtr
CreateFileMappingA
GetFileInformationByHandle
WriteFile
ReadFile
SetFilePointer
DeleteFileA
CreateFileA
GetLastError
CloseHandle
GetVersionExA
Sleep
CreateDirectoryA

user32

GetSystemMetrics
CharNextA

Exports

Exports

CanUnload
RMACreateInstance
RMAShutdown

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c63d9231f6933c49eab7eafb5b82ae7

Headers

File Characteristics

Imports

pncrt

kernel32

user32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB