969337eeebf0e10d053f3e6055fdc89e_JaffaCakes118

General

Target

969337eeebf0e10d053f3e6055fdc89e_JaffaCakes118
Size

17KB
MD5

969337eeebf0e10d053f3e6055fdc89e
SHA1

d8553fe520e07c76c305084079406d742b5f722c
SHA256

984fced8afb36c1a2cd1372419425bc423f68e4b4c9fee705e9ed0577734377a
SHA512

c5a0c79ca039caf4eed892d4f0a2a3a44e2bdf4dcdd619f7732c00f7a8896837904109695c32fcd725e9b5df67f7bb61901181472199120753992a70ed8d70c9
SSDEEP

192:csLyY+WOvKvOP7vWYTdkBhMyzD49Egtq0ht6:csLyoOvfP7OYSByyzD49Ecjj6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
969337eeebf0e10d053f3e6055fdc89e_JaffaCakes118

Files

969337eeebf0e10d053f3e6055fdc89e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

adb1395ac4827a280dfe5828a3d3d9a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

I:\WORK 源码\YY4\Release\YY4.pdb

Imports

kernel32

lstrcatA
FindFirstFileA
FindNextFileA
CloseHandle
GetTempPathA
DeleteFileA
CreateThread
GetProcAddress
GetModuleHandleA
VirtualAlloc
Sleep
lstrcpyA
WideCharToMultiByte
OutputDebugStringA

user32

wsprintfA

shlwapi

PathRemoveBackslashA
PathRemoveFileSpecA

msvcrt

memcpy
wcsstr
_wtoi

ws2_32

WSAStartup
send
inet_addr
htons
connect
closesocket
socket

Exports

Exports

WahCloseApcHelper
WahCloseHandleHelper
WahCloseNotificationHandleHelper
WahCloseSocketHandle
WahCloseThread
WahCompleteRequest
WahCreateHandleContextTable
WahCreateNotificationHandle
WahCreateSocketHandle
WahDestroyHandleContextTable
WahDisableNonIFSHandleSupport
WahEnableNonIFSHandleSupport
WahEnumerateHandleContexts
WahInsertHandleContext
WahNotifyAllProcesses
WahOpenApcHelper
WahOpenCurrentThread
WahOpenHandleHelper
WahOpenNotificationHandleHelper
WahQueueUserApc
WahReferenceContextByHandle
WahRemoveHandleContext
WahWaitForNotification

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 385B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

adb1395ac4827a280dfe5828a3d3d9a8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

msvcrt

ws2_32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 385B

.reloc Size: 512B - Virtual size: 298B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 385B

.reloc
Size: 512B - Virtual size: 298B