889c6095dbe66ceae5d631a1f7f2a8d4_JaffaCakes118

General

Target

889c6095dbe66ceae5d631a1f7f2a8d4_JaffaCakes118
Size

14KB
MD5

889c6095dbe66ceae5d631a1f7f2a8d4
SHA1

ee8572b1578d8c34399f21a2300ab4bf0c2bd72d
SHA256

6397701871065febba146b6b099f5884c8b0464bfaf9b3ef08002a4cb2ddca24
SHA512

22323ce74f829a5772f1aabf6f8cf39ea747e3a6535ec7c1bb2f60e908bd8be192c8ccb914a6e46470ea8813009d13d2da71df4c638203d96d713c1181ddd411
SSDEEP

192:v2WhKfUTXiqYT7F9UqL/+KdCM1/CyifwIh8ZFeFV+hxVQDJZd+kLdydpSN8:vdofU7bHq7QM1p68ZYYxVQlZhoX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
889c6095dbe66ceae5d631a1f7f2a8d4_JaffaCakes118

Files

889c6095dbe66ceae5d631a1f7f2a8d4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

abc353623045707b2fe359fe3fa52a20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
GetModuleHandleA
GlobalAlloc
GetFileSize
GlobalLock
CreateFileA
Sleep
WriteFile
GlobalUnlock
GlobalFree
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetCurrentDirectoryA
GetPrivateProfileStringA
CloseHandle
GetSystemDirectoryA
GetModuleFileNameA

user32

GetDC
GetClientRect
GetClassNameA
EnumWindows
ReleaseDC
GetWindowRect
GetDesktopWindow
GetWindowTextA

gdi32

DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA
BitBlt

ws2_32

send
socket
inet_addr
connect
htons
recv
gethostbyname
inet_ntoa
closesocket
WSAStartup
WSACleanup

gdiplus

GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFree
GdipAlloc
GdipCloneImage

msvcrt

strncmp
free
_initterm
_adjust_fdiv
_stricmp
_strlwr
strchr
atoi
memcpy
fopen
fseek
fread
fclose
strstr
strncpy
malloc
wcscmp
__CxxFrameHandler
abs
strcmp
strlen
??2@YAPAXI@Z
strcat
??3@YAXPAX@Z
strcpy
_beginthreadex
sprintf
memset

Exports

Exports

KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abc353623045707b2fe359fe3fa52a20

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

gdiplus

msvcrt

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 1KB