827989b504e6f956510c87cbb42c9a6b_JaffaCakes118

General

Target

827989b504e6f956510c87cbb42c9a6b_JaffaCakes118
Size

15KB
MD5

827989b504e6f956510c87cbb42c9a6b
SHA1

cb46f2d298c33b77e605424736dfb3f18f73e25d
SHA256

79aa380e125167ae0e99cb2b47ad442b3d00d28d3f46c9a17be6dc77b1dd5c7a
SHA512

4248ecc590edd120459dd2a14f035e58a6a23134ddc51c920b5bd0b56b35884ab0f8db689bf05dfae6955c5fee284b565009f92892ac07518534be4237b5c11c
SSDEEP

192:D9+TT3V2R/tnNnoDPRkL2N8LTdaqUCx09K6z0m6wq:u2Dio20BahpHz0m6t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
827989b504e6f956510c87cbb42c9a6b_JaffaCakes118

Files

827989b504e6f956510c87cbb42c9a6b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d966c74f9d67ccf96f78f824466d12c0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
VirtualAllocEx
GetProcAddress
GetModuleHandleA
FindClose
FindNextFileA
lstrcpynA
lstrcpyA
lstrcmpA
FindFirstFileA
VirtualProtectEx
LoadLibraryA
Module32Next
Module32First
ReadFile
VirtualFreeEx
CreateThread
Sleep
CreateRemoteThread
WinExec
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
OpenProcess
CreateMutexA
GetLastError
ReleaseMutex
GetSystemDirectoryA
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
lstrlenA
WaitForSingleObject
CreateFileA
WriteFile
CloseHandle
GetTempPathA
GetModuleFileNameA

user32

GetWindowThreadProcessId
EnumWindows
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetWindowTextA
GetActiveWindow

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

shlwapi

StrStrIA

wininet

InternetCloseHandle

msvcrt

??3@YAXPAX@Z
strcmp
_purecall
memcpy
??2@YAPAXI@Z
strstr
strncat
strcat
memset
strcpy
sprintf
_itoa

Sections

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d966c74f9d67ccf96f78f824466d12c0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

msvcrt

Sections

.bss Size: - Virtual size: 13KB

.data Size: 12KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 13KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB