cf23b96692efec9cf3abb406d5627a33_JaffaCakes118

General

Target

cf23b96692efec9cf3abb406d5627a33_JaffaCakes118
Size

40KB
MD5

cf23b96692efec9cf3abb406d5627a33
SHA1

73165c0301f5f8d2f09ad4526dfd5591f35ca9db
SHA256

02fbaaa65b44ee13ec8b349b4e2e2d37f4c8120ad885e87b8e8b4a957c225eae
SHA512

aa4f9b97a0f26a13b6af14ee1edc5a0fd9ab4fcfabbba6b9134f98594bbadea3df0f3c15a595d80e7810404793ff4ac00100e2b93adb65956da8497b25b730ae
SSDEEP

192:tUTtvZsNr5WKDhRkUN8sE0KRVi0Q+ZskAWRsPV5eTcpi0oXJz1t5D18pVXPdGIhL:+TgAWewwJz1t5Ds/dGIh5YCVMro

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf23b96692efec9cf3abb406d5627a33_JaffaCakes118

Files

cf23b96692efec9cf3abb406d5627a33_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d1a56f60de06ca8619c13814ba4662ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Module32Next
Module32First
GetCurrentProcessId
lstrcpyA
GetWindowsDirectoryA
CreateFileA
lstrcatA
ReadFile
lstrlenW
GetProcAddress
GetModuleHandleA
LocalAlloc
Sleep
GetModuleFileNameA
GetPrivateProfileStringA
CreateThread
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
ReadProcessMemory
OpenProcess
VirtualProtectEx
VirtualProtect
WriteProcessMemory
lstrcmpA
CreateToolhelp32Snapshot
CloseHandle

user32

wsprintfA

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA

shlwapi

StrStrIA

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

msvcr71

strstr
__CxxFrameHandler
_except_handler3
strrchr
_purecall
isprint
strncat
strlen
strcat
_itoa
??2@YAPAXI@Z
memset
strcpy
??3@YAXPAX@Z
memcpy

Exports

Exports

onyecao
onyecaoDrawTextEx
onyecaoEditControl
onyecaoExtTextOut
onyecaoGetCharacterPlacement
onyecaoGetTextExtentExPoint
onyecaoPSMTextOut

Sections

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1a56f60de06ca8619c13814ba4662ba

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

msvcr71

Exports

Exports

Sections

.bss Size: - Virtual size: 16KB

.data Size: 20KB - Virtual size: 17KB

shard Size: 12KB - Virtual size: 11KB

.reloc Size: 4KB - Virtual size: 2KB

.bss
Size: - Virtual size: 16KB

.data
Size: 20KB - Virtual size: 17KB

shard
Size: 12KB - Virtual size: 11KB

.reloc
Size: 4KB - Virtual size: 2KB