731c68a21d57fa7800d3707ad9d2a777_JaffaCakes118

General

Target

731c68a21d57fa7800d3707ad9d2a777_JaffaCakes118
Size

28KB
MD5

731c68a21d57fa7800d3707ad9d2a777
SHA1

e7189e5f1e8330251f1d24a3cadd516907995f1b
SHA256

a156e483d4cace2fe5b20284df66a6d187e0aec172a2c330042241df841279a5
SHA512

18a90882518813c9cb44c46385ac7592afd5c5f872edfe9fc49329b662aaa58eaa30ff4242c248837fec0759a2c25d4f8b6d20e21d6d84007c2bf56712a4eb46
SSDEEP

768:f2835mfK6EThh9M3TDpz/XuSInfbsalRtiQTA:+C4LhpySWdV0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
731c68a21d57fa7800d3707ad9d2a777_JaffaCakes118

Files

731c68a21d57fa7800d3707ad9d2a777_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6c899726c32105314842cbdead56aab0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
GetModuleHandleA
CloseHandle
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
WriteFile
DeleteFileA
InitializeCriticalSection
VirtualProtectEx
GetPrivateProfileStringA
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryA
ReadProcessMemory
SetUnhandledExceptionFilter
GetTickCount
OpenThread
MultiByteToWideChar
TerminateProcess
CreateProcessA
VirtualAlloc
GetSystemDirectoryA
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
CreateMutexA
GetLastError
ExitProcess
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCommandLineA
IsBadReadPtr
TerminateThread
SetThreadContext
CreateThread

user32

GetWindowThreadProcessId
GetWindowTextA
CallNextHookEx

msvcrt

_stricmp
_strupr
_strlwr
_strcmpi
??2@YAPAXI@Z
memcpy
strrchr
memset
sprintf
strcat
strcpy
strlen
rand
srand
strcmp
wcslen
strstr
??3@YAXPAX@Z
strncpy
strchr
__CxxFrameHandler

Exports

Exports

nnn
ooo

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c899726c32105314842cbdead56aab0

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 14KB

sdt Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 14KB

sdt
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 2KB