abf4d87d727d6d8573834d4360124e1e_JaffaCakes118

General

Target

abf4d87d727d6d8573834d4360124e1e_JaffaCakes118
Size

39KB
MD5

abf4d87d727d6d8573834d4360124e1e
SHA1

e24f4bd5b86b72c33bc655cd78ec74fb3e9a8a6f
SHA256

3bfa331c4cfce20378838d0f77e143a679026a5bdd410442196b90c7ff0deb27
SHA512

e09d5bf34d57036fc65d37d5685a30e6066d3d95dbfb9b7a1fae792bf49a4af1f86bfe30acd8054d1dae7a64270f3a6847aab363a97aebf131b4f1fedb867d7e
SSDEEP

768:ra0A/J9oi3j60KfJAAKrpzrZgTptW7fGf0tddqtm:20KJ9ow60AKxqtW7fGcEt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abf4d87d727d6d8573834d4360124e1e_JaffaCakes118

Files

abf4d87d727d6d8573834d4360124e1e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cf7c18fb5a57707b7a0592df10cd57d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetFileSize
ReadFile
GetEnvironmentVariableA
GetProcAddress
LoadLibraryA
CloseHandle
MoveFileExA
FreeLibrary
WaitForSingleObject
CreateProcessA
CopyFileA
GetTempFileNameA
GetModuleFileNameA
LoadLibraryExA
CreateMutexA
ReleaseMutex
GetTempPathA
DeleteFileA
ExitProcess
GetModuleHandleExA
GetCommandLineA
Sleep
ExitThread
CreateDirectoryA
GetLastError
OpenMutexA
GetCurrentProcessId
CreateThread
GetVolumeInformationW
GetSystemTime
SetFilePointer
GetTickCount
LoadLibraryW
GetSystemDirectoryA
VirtualProtect
CreateMutexW
CompareFileTime
GetSystemTimeAsFileTime
WaitNamedPipeW
WriteFile
CreateFileW
ConnectNamedPipe
CreateNamedPipeW
CreateEventA
DisconnectNamedPipe
RaiseException
InterlockedExchange
LocalAlloc

user32

GetMessageW
CallNextHookEx
SetWindowsHookExA

msvcrt

free
malloc
strlen
strcat
memcpy
memset
strncat
strncmp
strstr
strcpy
strchr
strrchr
??2@YAPAXI@Z
memmove
strcmp
wcscmp
memcmp
atoi
strncpy
rand
srand
??3@YAXPAX@Z
_initterm
_adjust_fdiv
_itoa
_strlwr
_except_handler3

Exports

Exports

DllInstall
InitCommon
InitService
StartProt

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mysec
Size: 512B - Virtual size: 133B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf7c18fb5a57707b7a0592df10cd57d1

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 5KB

.mysec Size: 512B - Virtual size: 133B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 5KB

.mysec
Size: 512B - Virtual size: 133B

.reloc
Size: 3KB - Virtual size: 2KB