b4a444cf6e1ec492a5ece82aee454cb9_JaffaCakes118

General

Target

b4a444cf6e1ec492a5ece82aee454cb9_JaffaCakes118
Size

28KB
MD5

b4a444cf6e1ec492a5ece82aee454cb9
SHA1

efe0623f0186af77154fff27013035446fabfd7b
SHA256

fe7361016c0c90dcfe4653e021c33a98f3d88abebb12e8ed6903c684cad1d74a
SHA512

cce879d84edafa2cc1955fa8eab576cd877ab30b41058ef4cb726bee334300b3892137f58661bf4c6ec267b888bbd8bb9dd26e02bb6ac8ec4e400edffa1e3818
SSDEEP

768:D35YT0OQHwO2DD+oHLPMwM8QgqR4Rv9cebbZjX:D3ioOQQOCCoHLOcEWxr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4a444cf6e1ec492a5ece82aee454cb9_JaffaCakes118

Files

b4a444cf6e1ec492a5ece82aee454cb9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cba4940d7a189c99b1bdaa9d33327229

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
CreateMutexA
GetCurrentProcessId
ExitProcess
ResumeThread
WriteProcessMemory
VirtualProtectEx
OpenProcess
GetModuleFileNameA
ReadProcessMemory
GetPrivateProfileStringA
DeleteFileA
ReadFile
GetTempPathA
VirtualAlloc
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
CreateProcessA
GetTickCount
RaiseException
GetLocalTime
GetCurrentThreadId
InitializeCriticalSection
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
GetCommandLineA
IsBadReadPtr
TerminateThread
CreateThread
CreateFileA
WriteFile
CloseHandle
Sleep
GetCurrentProcess
TerminateProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CallNextHookEx
GetWindowTextA
GetWindowThreadProcessId

imagehlp

ImageLoad
ImageUnload

msvcrt

_strcmpi
_strupr
_strlwr
_stricmp
wcslen
atol
srand
strcpy
sprintf
strlen
memcpy
??2@YAPAXI@Z
strrchr
memset
strcat
??3@YAXPAX@Z
strncpy
strchr
strstr
strcmp
__CxxFrameHandler
rand

Exports

Exports

bbb
kingsoft

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cba4940d7a189c99b1bdaa9d33327229

Headers

File Characteristics

Imports

kernel32

user32

imagehlp

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 14KB

sdt Size: 512B - Virtual size: 140B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 14KB

sdt
Size: 512B - Virtual size: 140B

.reloc
Size: 3KB - Virtual size: 2KB