a7f9977903ea5f5ea9d726d391a530a8_JaffaCakes118

General

Target

a7f9977903ea5f5ea9d726d391a530a8_JaffaCakes118
Size

27KB
MD5

a7f9977903ea5f5ea9d726d391a530a8
SHA1

c5a0571f2c65734d1fd404c0b312b6b15d7c6dd7
SHA256

f2bdeee620bf075f04e5f08c04caf1438fb2f17ff185447579d5f8d873dde342
SHA512

c4a363ced488e85c46b3e9bdca9f3b587662930c2dbc463bd6b4a1f912a8955713aa040e52cca8466aa564ef263512ebbf15ca16d40cd5cef90a6510ed4cdbad
SSDEEP

384:JBTH4dnDaBBmtWCz5hEU9GeTyPD0fNT1rd3O2pErQfsHCVscnWMRuInZKk+6:JBSDntWCNhEUJyPDq91pFXsxMRuW+6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7f9977903ea5f5ea9d726d391a530a8_JaffaCakes118

Files

a7f9977903ea5f5ea9d726d391a530a8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

24efae4b7e2cee7c2da45578f7215b10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
WriteFile
DeleteFileA
InitializeCriticalSection
GetModuleHandleA
VirtualProtectEx
VirtualProtect
GetPrivateProfileStringA
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryA
ReadProcessMemory
SetUnhandledExceptionFilter
GetCurrentProcessId
OpenThread
MultiByteToWideChar
TerminateProcess
CreateProcessA
VirtualAlloc
GetSystemDirectoryA
GetCurrentThreadId
GetCurrentProcess
CreateMutexA
GetLastError
ExitProcess
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCommandLineA
IsBadReadPtr
TerminateThread
SetThreadContext
CreateThread

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetForegroundWindow
CallNextHookEx
GetWindowThreadProcessId
FindWindowA
GetWindowTextA

msvcrt

fread
fopen
_strupr
_stricmp
_strcmpi
_strlwr
fclose
??2@YAPAXI@Z
memcpy
strrchr
memset
sprintf
strcat
strcpy
strcmp
wcslen
strlen
strstr
atoi
??3@YAXPAX@Z
strncpy
strchr

Exports

Exports

erc
nnn

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24efae4b7e2cee7c2da45578f7215b10

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 13KB

sdt Size: 512B - Virtual size: 4B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 13KB

sdt
Size: 512B - Virtual size: 4B

.reloc
Size: 2KB - Virtual size: 2KB