b31854011e3d8943ba64a0244e7be8f0_JaffaCakes118

General

Target

b31854011e3d8943ba64a0244e7be8f0_JaffaCakes118
Size

17KB
MD5

b31854011e3d8943ba64a0244e7be8f0
SHA1

922d727bfd22aac44c9db73b28ac9f2418eeac6d
SHA256

5a1cb2379dfa3d77cf2b2863ec117b5c1120b2926a3414cdd2bae15e2d36dde8
SHA512

5c22ee4721d4cc56a11101e1fc9fd87fc56edeeb3365a7d0780fe86d663ea3210c3d44f6bc76c4a6501edfb7082df2595ab258099dd2a5c8e137c791a7e42680
SSDEEP

192:PU7JIU+zQ74Wx7HCEixLulVcIwY7zQ+u14Ss6q2s4X37Ca0jkR/BbYRlU:gK80Wx7/MujcIwYQFs6q2B7CNQR/BbJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b31854011e3d8943ba64a0244e7be8f0_JaffaCakes118

Files

b31854011e3d8943ba64a0244e7be8f0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ff39373bc422caad55a67d5863e0568a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFreeEx
WaitForSingleObject
WriteProcessMemory
VirtualAllocEx
GetProcAddress
GetModuleHandleA
FindClose
FindNextFileA
lstrcpynA
lstrcmpA
FindFirstFileA
VirtualProtectEx
LoadLibraryA
Module32Next
Module32First
ReadFile
GetLastError
OpenProcess
WinExec
TerminateProcess
ExitProcess
SuspendThread
OpenThread
GetCurrentProcess
ReleaseMutex
GetSystemDirectoryA
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
lstrlenA
CreateFileA
WriteFile
CreateMutexA
GetTempPathA
lstrcpyA
Sleep
CreateThread
CloseHandle
GetModuleFileNameA
GetCurrentProcessId

user32

SetThreadDesktop
EnumWindows
SetProcessWindowStation
OpenWindowStationA
MessageBoxA
GetWindowThreadProcessId
OpenDesktopA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

shlwapi

StrStrIA

msvcrt

memcpy
strcmp
_purecall
strncat
strcat
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
strcpy
strncpy
memset
strstr
_itoa
strlen

wininet

InternetCloseHandle

Sections

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff39373bc422caad55a67d5863e0568a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

wininet

Sections

.bss Size: - Virtual size: 17KB

.data Size: 14KB - Virtual size: 13KB

.reloc Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 17KB

.data
Size: 14KB - Virtual size: 13KB

.reloc
Size: 2KB - Virtual size: 1KB