857bf35df69ebb16b492b767021a5743_JaffaCakes118

General

Target

857bf35df69ebb16b492b767021a5743_JaffaCakes118
Size

203KB
MD5

857bf35df69ebb16b492b767021a5743
SHA1

ff76e62f6595862c70ee35ec5154b0b28ee0e061
SHA256

85779d3dd4d5c110e4014ab10c5a6b6dbab3b20fe8f7d4798b8456bbebe42966
SHA512

3db11c9d185fcaea4a053867ebef887981645ee5b6a49260e25b211d9718fcd579638c623a6eb72c0d7d6139670f4bf1c22f3a1f0356681a1bd28c54d255bc9c
SSDEEP

3072:FuLNAR8ZplzOxHaDjmvU3iXV/TDQkc/iJf7cWRklK5ZPb3eauH2m7x0DKoiKMgi6:FcAa7lzf1SX1DRcFePR3Xdi3gVt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
857bf35df69ebb16b492b767021a5743_JaffaCakes118

Files

857bf35df69ebb16b492b767021a5743_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5b1cbe1dae61c04e8fb4a513a94a388d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

VirtualFree
GetVersionExW
FindFirstVolumeW
SetEvent
CreateIoCompletionPort
ExitProcess
LocalAlloc
InterlockedIncrement
GetQueuedCompletionStatus
GetPriorityClass
DeleteCriticalSection
HeapFree
SleepEx
FlushInstructionCache
GetVolumePathNamesForVolumeNameW
GetCurrentProcessId
GlobalFree
GetProcessHeap
InterlockedDecrement
GetModuleHandleA
ReleaseMutex
HeapDestroy
OutputDebugStringA
LoadLibraryW
VirtualAlloc
WaitForSingleObject
ReadDirectoryChangesW
GlobalLock
CloseHandle
ExpandEnvironmentStringsW
GetCommandLineW
GetFullPathNameW

user32

GetClientRect
SendMessageW
MoveWindow
SetWindowsHookExW
TranslateMessage
GetMessageW
GetKeyState
IsMenu
SetRectEmpty
LoadMenuW
MonitorFromPoint
DefWindowProcW
GetMessagePos
SetForegroundWindow
LoadBitmapW
GetSysColorBrush
GetParent
MessageBeep
GetWindowTextLengthW
LoadIconW
DrawTextExW
RegisterClipboardFormatW
IsWindowEnabled
GetDlgCtrlID
DispatchMessageW
CreateDialogParamW
GetSubMenu
LockSetForegroundWindow
CharLowerW
GetClassNameA
GetClassNameW
LoadStringW
BeginPaint
GetMonitorInfoW
EndDialog
ShowWindow

ntdll

NtCreateSection
NtClose
ZwQueryInformationThread
NtExtendSection
NtOpenEventPair
NtOpenFile
NtCreateSemaphore
NtPowerInformation

dxmalmon

_FDenorm
_LSinh
_Nan
_LXbig
_Stod

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b1cbe1dae61c04e8fb4a513a94a388d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ntdll

dxmalmon

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 43KB - Virtual size: 42KB

.rsrc Size: 134KB - Virtual size: 136KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 134KB - Virtual size: 136KB