d2d6b8b8d8f3a596c2ce263c96149944_JaffaCakes118

General

Target

d2d6b8b8d8f3a596c2ce263c96149944_JaffaCakes118
Size

48KB
MD5

d2d6b8b8d8f3a596c2ce263c96149944
SHA1

36d7431da01c18efe64dbc68883a5a995717c233
SHA256

116298288ac0859013b3ae3d9e96e604f779d75e6d2a0c01920cb85ece6be9c7
SHA512

ea33b44c4abbab5a6e9555b05845d656e27841dbe7deda7e0db669f516822a906292e3ee6b19acb9705cb8b53e50c1e1bf7dbe95c00fa650a9458572d3bcfdd3
SSDEEP

768:3Knop2Qjgd/utvuNji+EQux/iicLQyRww3YhQQTDBUjzctcjLrZbAoUpQtN7v:3D4tMt2RGBpiicsYMOzcEKmFv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2d6b8b8d8f3a596c2ce263c96149944_JaffaCakes118

Files

d2d6b8b8d8f3a596c2ce263c96149944_JaffaCakes118
.dll windows:2 windows x86 arch:x86

30789e6aafe6471baad5a5c1dba6c987

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
SuspendThread
GetFileAttributesExA
GetCurrentProcess
RtlZeroMemory
HeapFree
MapViewOfFile
lstrcpyA
VirtualQuery
CreateThread
GetModuleHandleA
ConnectNamedPipe
ReadFile
DeleteFileA
GetVersion
HeapReAlloc
CallNamedPipeA
UnmapViewOfFile
GetCurrentProcessId
WaitForMultipleObjects
CreateFileMappingA
SetThreadPriority
SetFilePointer
GetThreadIOPendingFlag
HeapAlloc
OpenThread
ReadFileScatter
CreateFileA

cscdpres

DragQueryFile
SdbReadDWORDTag
ShimDumpCache
IsUserAnAdmin
SdbRegisterDatabaseEx
SdbResolveDatabase
ILClone
IsNetDrive
SdbQueryApphelpInformation
ILGetSize
CtfImmCoUninitialize
ImmGenerateMessage
PathCleanupSpec
ImmReSizeIMCC
DAD_ShowDragImage
CtfImmTIMActivate
ImmCreateContext
IsLFNDriveA
SdbTagIDToTagRef
ImmAssociateContextEx
SdbTagToString
ILFree
SdbGetDatabaseVersion
ImmRegisterWordA
PifMgr_GetProperties
ImmGetCompositionWindow
ILIsEqual
CheckEscapesA
ImmGetRegisterWordStyleA
ImmEnumInputContext
ImmGetIMCCSize
ImmGetCandidateWindow
SdbOpenDatabase
CtfAImmActivate

Exports

Exports

CreateProcessNotify
disketup

Sections

.text
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30789e6aafe6471baad5a5c1dba6c987

Headers

File Characteristics

Imports

kernel32

cscdpres

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB