be5da9bc80ce234cbddd53fce48bf3a4_JaffaCakes118

General

Target

be5da9bc80ce234cbddd53fce48bf3a4_JaffaCakes118
Size

50KB
MD5

be5da9bc80ce234cbddd53fce48bf3a4
SHA1

7372ffa2ff71074647ed3c61288630964ef7930f
SHA256

094bc0c82866cfe1758efaf6c50700724f4998a5bcf90837336a16b293506a96
SHA512

663959b1da8b24e01fb2c796a4c8957b1ad5558fe4d8f71746b386259a647e654e1076e56b3b782ebd8e3fcc63dd91645e6839b89d40554f628081e644fe84f8
SSDEEP

1536:SP3Nyy7PaMQAdvQUwM0g3QH/2LDK6J0Kvc:cNy4a9yw1P+L9v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be5da9bc80ce234cbddd53fce48bf3a4_JaffaCakes118

Files

be5da9bc80ce234cbddd53fce48bf3a4_JaffaCakes118
.dll windows:0 windows x86 arch:x86

ece863835af96de982c3f987f39997cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdsed20

CtfImmIsCiceroStartedInThread
ImmAssociateContextEx
ImmGetContext
ImmSystemHandler
ImmSetActiveContext
ImmGetIMCLockCount
_snwprintf
CtfImmLeaveCoInitCountSkipMode
ImmSendIMEMessageExA
ILFindLastID
ImmGetOpenStatus
ImmLockClientImc
strchr
ImmGetCandidateWindow
ILIsEqual
CtfImmEnterCoInitCountSkipMode
ImmUnregisterWordA
CtfAImmDeactivate
ImmCreateContext
ImmGetCompositionStringA
CtfImmTIMActivate
ImmSetCompositionStringA
ceil
ImmUnlockIMCC
DAD_ShowDragImage
__toascii
log

kernel32

IsProcessorFeaturePresent
GetThreadSelectorEntry
CreateThread
MapViewOfFileEx
CreateEventA
SetFilePointer
ReadFile
CreateFileMappingA
WriteFileEx
VirtualQuery
WaitForMultipleObjects
MapViewOfFile
lstrcpyA
ExitProcess
OpenThread
UnmapViewOfFile
GetStringTypeExA
ExitThread
SetFilePointerEx
SleepEx
CreateFileA

Exports

Exports

CreateProcessNotify
logaPING

Sections

.text
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ece863835af96de982c3f987f39997cb

Headers

File Characteristics

Imports

ntdsed20

kernel32

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 36KB

.rdata Size: 1KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 34KB - Virtual size: 36KB

.rdata
Size: 1KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 4KB