d29664d262bc9e3011cf0522540cde35_JaffaCakes118

General

Target

d29664d262bc9e3011cf0522540cde35_JaffaCakes118
Size

40KB
MD5

d29664d262bc9e3011cf0522540cde35
SHA1

73188b8dfbcafbea0a9aa9b7db295eb728e64dbf
SHA256

6090daec48815d521b66438e0b30d043fc7bd1603118d2451cfca77339690c5c
SHA512

4463b029221e4333514ceadb7dc00f269476f474e8867125a85b7e65cb86b6921f49b24ab9e53c2bfe93650e0e95fec00090a9acd99855e11d4d554044b61bb3
SSDEEP

384:i1da/sZhgS/sCjZM+MY4+nxusdiliG2/YY5hoIgNmAWgq199YKBJNMz7lu9UCJBU:4da/sr/Txumia/F5ho5Nm99zbW7AhJk/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d29664d262bc9e3011cf0522540cde35_JaffaCakes118

Files

d29664d262bc9e3011cf0522540cde35_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6640fc56a7b8a3a36d1fd17322a180fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
CreateMutexA
GetCurrentProcessId
ExitProcess
ResumeThread
WriteProcessMemory
VirtualProtectEx
OpenProcess
GetModuleFileNameA
ReadProcessMemory
GetPrivateProfileStringA
DeleteFileA
ReadFile
GetTempPathA
VirtualAlloc
GlobalFree
GetTickCount
RaiseException
GetLocalTime
GetCurrentThreadId
SetUnhandledExceptionFilter
SetThreadContext
OpenThread
InitializeCriticalSection
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
GetCommandLineA
IsBadReadPtr
TerminateThread
CreateThread
CreateFileA
WriteFile
CloseHandle
Sleep
GetCurrentProcess
TerminateProcess
LoadLibraryA
GetModuleHandleA
WideCharToMultiByte
GetProcAddress

user32

GetWindowThreadProcessId
CallNextHookEx
GetWindowTextA

imagehlp

ImageLoad
ImageUnload

msvcrt

_strupr
_strcmpi
_strlwr
_stricmp
wcslen
atol
srand
strcpy
sprintf
strlen
memcpy
??2@YAPAXI@Z
strrchr
memset
strcat
strncpy
strstr
strcmp
__CxxFrameHandler
rand

Exports

Exports

ciwfsd
kingsoft
trte

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ewrw
Size: 4KB - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6640fc56a7b8a3a36d1fd17322a180fe

Headers

File Characteristics

Imports

kernel32

user32

imagehlp

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 14KB

ewrw Size: 4KB - Virtual size: 140B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 14KB

ewrw
Size: 4KB - Virtual size: 140B

.reloc
Size: 4KB - Virtual size: 2KB