af32f3ad94cbbd4fcb601f30f0b75531_JaffaCakes118

General

Target

af32f3ad94cbbd4fcb601f30f0b75531_JaffaCakes118
Size

49KB
MD5

af32f3ad94cbbd4fcb601f30f0b75531
SHA1

290685f2f0b7286648d6d84539696e290e6ccae4
SHA256

169fbaf6424b07b295739540095bc3e5f88d854b866df1209e605a8ddd0b9d08
SHA512

f4ce34b6f5c1bb469e32f539e99b708cf12702ce4deb9cde0a04a36cc12e32787d1e060de0c21e6381fd16229e1f569cc63d043b826ce7f6c962301207487175
SSDEEP

768:h6ujLA0/mDkEYr/OLXqSRupMgl4PB2GtCG5khtOP9R2CLfMdJ6qSUu7C:htjLA0+DbLXZ2MbP7N5stckCLfM6x7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af32f3ad94cbbd4fcb601f30f0b75531_JaffaCakes118

Files

af32f3ad94cbbd4fcb601f30f0b75531_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9ef6bc7a9159636fc807645cb521b2e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WORK\WORK_PECEPB\Work_2012 Private\Клиенты\knifer\Silence_lock_bot\Silence_lock_bot\Release\Silence_lock_bot.pdb

Imports

kernel32

lstrcmpA
Sleep
MulDiv
GlobalUnlock
RtlMoveMemory
GlobalFree
GlobalLock
GlobalAlloc
LoadLibraryA
LockResource
LoadResource
SizeofResource
FindResourceA
ExitProcess
CreateThread
GetVersionExA
RtlZeroMemory
LoadLibraryExA
GetProcAddress
GetModuleFileNameA
FreeResource

user32

MessageBoxA
SetFocus
SetWindowTextA
GetDlgItemTextA
GetDlgItem
CreateWindowExA
SetTimer
RegisterClassA
LoadCursorA
GetMessageA
BeginPaint
TranslateMessage
DefWindowProcA
EnumWindows
ShowWindow
KillTimer
GetDC
ReleaseDC
GetWindowTextA
SendMessageA
DispatchMessageA
EndPaint
wsprintfA
SetWindowPos

gdi32

DeleteDC
GetDeviceCaps
CreateCompatibleDC
BitBlt
DeleteObject
SelectObject
CreateCompatibleBitmap

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ef6bc7a9159636fc807645cb521b2e0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 676B

.rsrc Size: 40KB - Virtual size: 40KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 676B

.rsrc
Size: 40KB - Virtual size: 40KB