b3505dd4826f78a76b54affccdd7c8e4_JaffaCakes118

General

Target

b3505dd4826f78a76b54affccdd7c8e4_JaffaCakes118
Size

80KB
MD5

b3505dd4826f78a76b54affccdd7c8e4
SHA1

392ee76ebc2564ef0aa5daa31d576ccaec5decb8
SHA256

654eec1d855bbb85443368225108bb17afe87ea1b85e6645ad48c897bef31da1
SHA512

82486cb6d6c874a06b0fc49deed90533abcc4ff425c19d8117bb05846fff2dd1e1b78c8d144ae9ca0541092a4c43abbc3a14f7e6d6023ab3e73c0ac573bd7d81
SSDEEP

1536:VRk8FHdRGbp4/X076A7BpYzppMh/xxdr7Q+Z:bT/E7TpYzppMh/x3/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3505dd4826f78a76b54affccdd7c8e4_JaffaCakes118

Files

b3505dd4826f78a76b54affccdd7c8e4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ac805de5e229b02bfc17e38bac7948a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
CreateProcessA
CreateEventA
GetVolumeInformationA
GetProcAddress
GetSystemTimeAsFileTime
CloseHandle
HeapFree
SetLastError
WriteFile
InterlockedDecrement
CreateDirectoryA
CreateFileA
GetModuleHandleA
GetModuleFileNameA
EnterCriticalSection
OpenEventA
LeaveCriticalSection
LoadLibraryA
GetLastError
GetSystemInfo
lstrlenW
CopyFileA
InitializeCriticalSection
LocalFileTimeToFileTime
FindResourceExA
GetStartupInfoA
CreateRemoteThread
GetQueuedCompletionStatus
GetVersionExA
Beep
VerSetConditionMask
BackupWrite
SystemTimeToFileTime
LoadResource
GlobalAddAtomW
GetFileAttributesW
LocalAlloc
WTSGetActiveConsoleSessionId
WriteProfileStringW
DeleteTimerQueueEx
GlobalMemoryStatus
SetComputerNameExW
ReadFileEx
CreateNamedPipeA
LCMapStringA
FindVolumeMountPointClose
LocalUnlock
GetCurrentDirectoryA
GetDateFormatA
CreateNamedPipeW
GetSystemTimeAdjustment
PostQueuedCompletionStatus
ExpandEnvironmentStringsA
ReplaceFileW
GetTempFileNameA
GlobalDeleteAtom
SizeofResource
DisconnectNamedPipe
TerminateProcess
FindNextVolumeW
SetStdHandle
FindNextFileW

oleaut32

SysAllocStringLen

shlwapi

UrlUnescapeW
PathStripToRootW
PathAppendA
PathBuildRootW
PathIsRelativeW
PathIsNetworkPathW
PathMakePrettyW
PathIsUNCW
StrChrIW
PathIsUNCServerShareW
PathIsUNCServerW

Exports

Exports

CPlApplet

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac805de5e229b02bfc17e38bac7948a9

Headers

File Characteristics

Imports

kernel32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB