8af27171d15e7e6c90900eee0a633a23_JaffaCakes118

General

Target

8af27171d15e7e6c90900eee0a633a23_JaffaCakes118
Size

29KB
MD5

8af27171d15e7e6c90900eee0a633a23
SHA1

821b1307670fd969439e4723b842a9caa48d5e21
SHA256

e3ee5beef9a7ccc62b32ace372c3a93da956d7361240b39a311d719e368c9b2a
SHA512

f3a2a0a11f1d95c10b8efce0faa11fec9819361b27281d300393081d6fac20efe54304db348e9c20b1a142abc42ed6b3e07a06e5e9d22dd6f3147e649c42ed0b
SSDEEP

384:VBQiShdGgwDLv4p/BRyZDNrCxqCDoN1NIkfp2cElRAzPGTeyuEOBfjbhjj:8qDu/BRy9FCJD2F2cEbAHylOpN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8af27171d15e7e6c90900eee0a633a23_JaffaCakes118

Files

8af27171d15e7e6c90900eee0a633a23_JaffaCakes118
.dll windows:4 windows x86 arch:x86

54c46eab76d205523829a8c82b261976

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexA
GetCurrentProcessId
CloseHandle
CreateRemoteThread
VirtualAllocEx
OpenProcess
lstrlenA
GetCurrentProcess
ResumeThread
TerminateProcess
GetModuleFileNameA
VirtualProtectEx
GetTempPathA
VirtualAlloc
WriteProcessMemory
GetPrivateProfileStringA
ReadProcessMemory
SetUnhandledExceptionFilter
SetThreadContext
OpenThread
GetLastError
CreateFileA
WideCharToMultiByte
MultiByteToWideChar
CreateProcessA
ExitProcess
GetCurrentThreadId
RaiseException
DeleteFileA
GetLocalTime
GetTickCount
WriteFile
InitializeCriticalSection
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCommandLineA
IsBadReadPtr
TerminateThread
CreateThread
LoadLibraryA
GetModuleHandleA
ReadFile
GetProcAddress

user32

GetWindowThreadProcessId
CallNextHookEx
GetWindowTextA

msvcrt

_stricmp
_strlwr
_strcmpi
_strupr
_ltoa
wcslen
srand
??2@YAPAXI@Z
memcpy
strrchr
memset
sprintf
strcat
strcpy
strlen
??3@YAXPAX@Z
strncpy
strchr
strstr
strcmp
__CxxFrameHandler
rand

Exports

Exports

ccc
ddd

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54c46eab76d205523829a8c82b261976

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 14KB

sdt Size: 512B - Virtual size: 140B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 14KB

sdt
Size: 512B - Virtual size: 140B

.reloc
Size: 3KB - Virtual size: 2KB