aeaa65c57afdb6e3e6dc5ffad16cb39d_JaffaCakes118

General

Target

aeaa65c57afdb6e3e6dc5ffad16cb39d_JaffaCakes118
Size

20KB
MD5

aeaa65c57afdb6e3e6dc5ffad16cb39d
SHA1

973b7e9dd1d6c4df0566a630f624905e90f9b6cf
SHA256

98ceda56b9e618f1b5ddaa82db2a5339fd2ce66c8281e2a2d13ec11f367a2f84
SHA512

734cd3970171e092ee8f07fa40c9fa39f5b44fa1926e569563ffe8d299f003bd9c771a191422023872f267e388bb5dec29759169e9d0dc02c0e7b32eaa9cc8c8
SSDEEP

384:NTuRe9+Y3gOSDSsyr8Uv7SFarQpEyefoJbZ+hqqpiHXr:m4GwruarQKyefUl73r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aeaa65c57afdb6e3e6dc5ffad16cb39d_JaffaCakes118

Files

aeaa65c57afdb6e3e6dc5ffad16cb39d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a7c7b9b6125e5b88934ee5524d4528e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
GetTempPathA
CloseHandle
GetFileAttributesW
ReadProcessMemory
VirtualQueryEx
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileA
SetFilePointer
HeapAlloc
GetProcessHeap
OutputDebugStringA
GetModuleFileNameA
LoadLibraryA
WinExec
GetCurrentProcessId
OpenProcess
TerminateProcess
GetCurrentProcess
lstrlenA
IsBadStringPtrA
GetModuleHandleA
GetProcAddress
Sleep
CreateThread

user32

MessageBoxA
wsprintfA
GetDC
GetWindowRect
GetWindow
GetClassNameW

wininet

InternetCloseHandle

msvcrt

_strupr
free
strcpy
memset
malloc
strcat
sprintf
strlen
_except_handler3
strncpy
strncat
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
ftell
fseek
fopen
mbstowcs
rand
srand
time
wcslen
strstr
wcsncat
wcscpy
wcsstr
_stricmp
strrchr
exit
printf
memcpy
_local_unwind2
strcmp
_vsnprintf
_strcmpi

gdiplus

GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders

gdi32

DeleteObject
CreateCompatibleDC
BitBlt
SelectObject
CreateCompatibleBitmap
DeleteDC
GetDeviceCaps
CreateDCA

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a7c7b9b6125e5b88934ee5524d4528e3

Headers

File Characteristics

Imports

kernel32

user32

wininet

msvcrt

gdiplus

gdi32

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB