cefbfebf1453646b522ee5263c76b355_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cefbfebf1453646b522ee5263c76b355_JaffaCakes118
Size

48KB
MD5

cefbfebf1453646b522ee5263c76b355
SHA1

689a95865d1581f1e5249a3cfd6ca764457023dd
SHA256

7db3dc60776661e3721216183a250ac8d6d1b047d6122dfaf841769152492e1f
SHA512

e7dcd4225e0f4ccc6d72c81322ac173057ac91953de39e8c008a8cba5d87219b8ef67cb31f512a5f76f5eb011a5728bbbe79eb6ef5b917c7a66d93b10ba269d5
SSDEEP

384:kWfFK4sWrMGbv1fZz+adUPIJdq8lpi5u77GNlsXv/08mJHniAFN+:kW0Nc9fZzxvJW5u/GnsXa5niAC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cefbfebf1453646b522ee5263c76b355_JaffaCakes118

Files

cefbfebf1453646b522ee5263c76b355_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ea0a6183a990f9484c0bf6a53c4c4739

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
lstrlenW
ReleaseMutex
GetLastError
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
lstrcmpiA
FindClose
FindNextFileA
FindFirstFileA
lstrcatA
CloseHandle
GetCurrentProcess
Module32First
VirtualProtectEx
GetModuleHandleA
GetFileSize
GetModuleFileNameA
TerminateProcess
GlobalFree
GlobalUnlock
DeleteFileA
DisableThreadLibraryCalls
IsBadReadPtr
GetCurrentProcessId
WaitForSingleObject
GetWindowsDirectoryA
Sleep
CreateMutexA
LoadLibraryA
GetProcAddress
lstrcpyA
CreateFileA
GetTickCount
ReadFile
lstrlenA

user32

GetClientRect
GetDC
ReleaseDC
GetDesktopWindow
EnumWindows
GetWindowThreadProcessId
wsprintfA

gdi32

CreateHalftonePalette
GetPaletteEntries
DeleteObject
GetNearestPaletteIndex
GetPixel

advapi32

OpenProcessToken
LookupPrivilegeValueA

msvcrt

strcat
strrchr
rand
srand
free
__dllonexit
_onexit
_itoa
_purecall
strcmp
atoi
memset
memcpy
strcpy
_beginthreadex
__CxxFrameHandler
fclose
fputc
fwrite
fopen
fflush
??2@YAPAXI@Z
strncat
strstr

Exports

Exports

_king@16
king

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 63KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea0a6183a990f9484c0bf6a53c4c4739

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.bss Size: - Virtual size: 63KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 19KB - Virtual size: 19KB

shard Size: 9KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 12KB - Virtual size: 12KB

.bss
Size: - Virtual size: 63KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 19KB - Virtual size: 19KB

shard
Size: 9KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 2KB