a3313d5a19d70b1eb88e694dfb55cf97_JaffaCakes118

General

Target

a3313d5a19d70b1eb88e694dfb55cf97_JaffaCakes118
Size

76KB
MD5

a3313d5a19d70b1eb88e694dfb55cf97
SHA1

3df638cef10312907d17e1ba2cbf632902dabca4
SHA256

4ce6b93bc5c09acd5d48a88bcde64a62b519dfd3b8fd562ada198c9dfdb35214
SHA512

ea3cd206cb07ccc53dd7eaa88abc397e5f7810de0bebd9eadba47f433a3be5d3151b244e847b7baa206a020a12282c069bd57fa042051fa6c90418d1169d2597
SSDEEP

1536:7Z7pTwgshpDM78piqywRQkUGZrjJKZMHNBA6pt30:7Z7pNy3Y3Gp4ZMvz8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3313d5a19d70b1eb88e694dfb55cf97_JaffaCakes118

Files

a3313d5a19d70b1eb88e694dfb55cf97_JaffaCakes118
.dll windows:4 windows x86 arch:x86

526de0911518430ee5a688bbb835d6e6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetTickCount
GetPrivateProfileIntA
CreateFileA
CloseHandle
DeviceIoControl
InterlockedExchange
Sleep
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
CreateDirectoryA
ExpandEnvironmentStringsA
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameA
lstrlenA
VirtualProtect
MultiByteToWideChar
lstrlenW
GetCommandLineA
InterlockedCompareExchange

user32

wvsprintfA
wsprintfW
CheckRadioButton
PostMessageA
wsprintfA

advapi32

RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
FreeSid
AllocateAndInitializeSid
EqualSid
RegOpenKeyExA

ole32

CoTaskMemFree
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
StringFromGUID2
CoTaskMemAlloc

msvcrt

_except_handler3
malloc
_initterm
fwrite
fopen
free
strncpy
_XcptFilter
_amsg_exit
_adjust_fdiv
fclose
memmove

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

526de0911518430ee5a688bbb835d6e6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcrt

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 36KB - Virtual size: 68KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 36KB - Virtual size: 68KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB