b0fd8738afc049887289dceaebf59ec8_JaffaCakes118

General

Target

b0fd8738afc049887289dceaebf59ec8_JaffaCakes118
Size

340KB
MD5

b0fd8738afc049887289dceaebf59ec8
SHA1

d988341d2c98ae300fa37dbffe2d9c9fb64759d6
SHA256

1629f445ec30fb750b4a86696e8751b4f5ad8c82702db0b5a5cf16822f2e2d69
SHA512

926921be7e63a89649f6cf84d408a16c9049730d28a6c49023b54d3ef492423badbe8992318dffc6a86fef0038e72b515e556dae18fa53df2acb190c4429d2a5
SSDEEP

6144:buCNT4CzDDYdfxq+rJ9LpKBzg0+tcAkutquS/jW3/g0i:qCvDDYdpq+rJ9LpKBzzAkuMuS7W34T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0fd8738afc049887289dceaebf59ec8_JaffaCakes118

Files

b0fd8738afc049887289dceaebf59ec8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dca8a0a8b16605fedf6418e8a8febd8d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
CreateFileA
GetLastError
CreateDirectoryA
ReadFile
SetFilePointer
DeleteFileA
MoveFileExA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

shell32

SHGetFolderPathA

Exports

Exports

_DllMain@12

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 299KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dca8a0a8b16605fedf6418e8a8febd8d

Headers

File Characteristics

Imports

kernel32

shell32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 299KB - Virtual size: 303KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 299KB - Virtual size: 303KB

.reloc
Size: 4KB - Virtual size: 4KB