69d074b42d469ee9b63a2f6ba4123364_JaffaCakes118

General

Target

69d074b42d469ee9b63a2f6ba4123364_JaffaCakes118
Size

52KB
MD5

69d074b42d469ee9b63a2f6ba4123364
SHA1

0201d49bc9aa65a02a0fcee0343d9dce8e8ac75e
SHA256

1c1c08b206cb7b27be4116d737daa3888750a1efb734a34965f34a6f6e6c51b4
SHA512

6d35d1d59f78dd6be66290a8fdef5db72c0947ecda08d58e10dc4d8c2c9e70f3ad02b1f7d63ffa5f95177dd7a8ebdaabf16fe7301f27b40552269e6c5e481988
SSDEEP

768:9CROXQ8vgYFkrXSTZIi+lJLLnKBhGO9fw12mdAJfoEX:MROA26rSTZ4JLjO6S9oS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69d074b42d469ee9b63a2f6ba4123364_JaffaCakes118

Files

69d074b42d469ee9b63a2f6ba4123364_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a9650b39fa1e2e9ffa8fa3ff0303820d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetTickCount
GetModuleFileNameA
CallNamedPipeA
Sleep
GetVersion
FindClose
FindNextFileW
FindFirstFileW
SetEvent
DisconnectNamedPipe
WriteFile
lstrlenA
WaitForMultipleObjects
GetLastError
ConnectNamedPipe
ResetEvent
CreateNamedPipeA
CreateEventA
TerminateThread
CreateThread
GetModuleHandleA
GetProcAddress
WaitForSingleObject
GetExitCodeThread
ReadFile
CloseHandle
RtlUnwind
HeapAlloc
HeapFree
GetCommandLineA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers

user32

UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExW
RegEnumKeyW
RegCloseKey
InitializeSecurityDescriptor

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9650b39fa1e2e9ffa8fa3ff0303820d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB