93af7ed1bf4fc1f72bcd8caa0070996c_JaffaCakes118

General

Target

93af7ed1bf4fc1f72bcd8caa0070996c_JaffaCakes118
Size

80KB
MD5

93af7ed1bf4fc1f72bcd8caa0070996c
SHA1

d087c90dfdcc257aeed7008dd6c41f855885b592
SHA256

eda2a197e9232d5bac1986a0ff38a4e15daa697dbf8f463f7020df701689d3c6
SHA512

0b9d8984c8175d16285e059b1bc4bd30d6e913e186bdfd51553ce47c6d2a439871c62e2b6cc1bcfde87a93adcd16eeae49233f7311d17380fa698dbd4811146a
SSDEEP

1536:A4n234zpqRDCYFhPhFjlSDXq4SniRSWR6nTqDx5Ce2M0RHnPR:A42mpqxrzlSDXq4SniRSWR6nixN2MIH5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93af7ed1bf4fc1f72bcd8caa0070996c_JaffaCakes118

Files

93af7ed1bf4fc1f72bcd8caa0070996c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

43174fc424c3d412a40a3236a560aefd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
strrchr
malloc
rand
memcpy
time
_initterm
_adjust_fdiv
wcsstr
wcsncpy
strcpy
_strlwr
strstr
sscanf
memset
strcat
__CxxFrameHandler
strchr
strncpy
atoi
free
_except_handler3
srand
strlen
_strcmpi
_stricmp

kernel32

GetProcAddress
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
OpenEventA
ReadFile
WritePrivateProfileStringA
GetCommandLineA
GetPrivateProfileStringA
IsBadReadPtr
lstrlenW
WideCharToMultiByte
VirtualProtectEx

user32

wsprintfA
wvsprintfA

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata1
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43174fc424c3d412a40a3236a560aefd

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 16KB - Virtual size: 21KB

.idata0 Size: 4KB - Virtual size: 3KB

.idata1 Size: 20KB - Virtual size: 16KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 21KB

.idata0
Size: 4KB - Virtual size: 3KB

.idata1
Size: 20KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB