7633067b8e0635b173e016632c009d67_JaffaCakes118

General

Target

7633067b8e0635b173e016632c009d67_JaffaCakes118
Size

123KB
MD5

7633067b8e0635b173e016632c009d67
SHA1

64720eaea09e695ec11ec05fb73b492d934e0cde
SHA256

315b9877d60e69ea772ce1d6226a4015e9a7122a1016bf911736ed686d60df37
SHA512

26e6a8f200a9a1e21b0b221a72ce3c8fc9a0c9ab188789642e7256632fa426c2f6787475dd18a850fe94ccfd380c23ee7eaacc7d0f7ca51728b3a8c3504820c7
SSDEEP

1536:27pvUlwnJNluRXGWNnCrv9mL1wfKjczsd8o7zG8MHn0Wl0hV0s/n/Bo0OLuXFiUh:ypvU+Jfu1dNCrVE6fhYP768hPy0Fnar

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7633067b8e0635b173e016632c009d67_JaffaCakes118

Files

7633067b8e0635b173e016632c009d67_JaffaCakes118
.dll windows:4 windows x86 arch:x86

796b1ac7041886e7ecbabedd5bef8cf7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u0npcrmj54.s8vt

Imports

kernel32

UnhandledExceptionFilter
GetLocaleInfoA
HeapAlloc
CreateNamedPipeA
GetCPInfo
GetEnvironmentStringsW
UnmapViewOfFile
VirtualQuery
GetModuleHandleA
WaitForMultipleObjects
SetEvent
FreeEnvironmentStringsA
CreateThread
SetUnhandledExceptionFilter
WriteFile
GetSystemTimeAsFileTime
GetModuleFileNameA
GetEnvironmentStrings
GetFileType
GetStartupInfoA
GetCurrentProcessId
CreateMutexW
VirtualProtect
DeleteTimerQueueTimer
GetACP
InterlockedCompareExchange
InterlockedDecrement
ResetEvent
WideCharToMultiByte
InterlockedExchange
lstrcpyW
HeapDestroy
GetOEMCP
OpenProcess
GetTickCount
SetLastError
DisconnectNamedPipe
CreateTimerQueueTimer
RtlUnwind
CreateEventA
IsBadCodePtr
WaitForSingleObject
LCMapStringA
FreeEnvironmentStringsW
GetCurrentThreadId
QueryPerformanceCounter
InitializeCriticalSection
ReleaseMutex
HeapFree
DeleteCriticalSection
IsBadReadPtr
GetLastError
ConnectNamedPipe
GetSystemInfo
MultiByteToWideChar
DuplicateHandle
LoadLibraryA
GetStdHandle
ExitThread
CopyFileA
Sleep
InterlockedExchangeAdd
LeaveCriticalSection

user32

DrawIcon
CreateIconFromResource
wsprintfW
LoadIconA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

gsmenuxs

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

796b1ac7041886e7ecbabedd5bef8cf7

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 69KB

.data Size: 33KB - Virtual size: 62KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 702B

.text
Size: 69KB - Virtual size: 69KB

.data
Size: 33KB - Virtual size: 62KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 702B