d3c9d27bcadaff724bf422fc8e837c7d_JaffaCakes118

General

Target

d3c9d27bcadaff724bf422fc8e837c7d_JaffaCakes118
Size

19KB
MD5

d3c9d27bcadaff724bf422fc8e837c7d
SHA1

754529b6b0471053fad5b66770eb28f5f7fb3b8f
SHA256

c2f0c6f9755e4c9f06013be2d37a599c24be3ec3c2361d063c30c8093ba7545d
SHA512

15972f686464164860f8c9e943130b363d61f09997988b11324e2eb92d5d3f1b9abb17c881933b14b1ced258e87f82ed3e5c704af273eba532989bdfdc1854e3
SSDEEP

384:7OrS5Ka1rrOeeqFJ5b2G4xTB2O3Hr4xjgV9aOS:7OG5FJZ2Ga2O3HijG05

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3c9d27bcadaff724bf422fc8e837c7d_JaffaCakes118

Files

d3c9d27bcadaff724bf422fc8e837c7d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5dd57136395d09e35a01908e344cfc3d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
free
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
strncmp
strncpy
memcpy
strchr
fopen
fseek
fread
fclose
_strlwr
_getpid
_stricmp
strrchr
malloc
__CxxFrameHandler
abs
sprintf
wcscmp
wcscpy
atoi
strlen
_beginthreadex
strstr
strcmp
strcat
strcpy

kernel32

WaitForSingleObject
GetFileSize
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
GlobalAlloc
GlobalLock
CreateFileA
WriteFile
GlobalUnlock
GlobalFree
LoadLibraryA
GetProcAddress
Sleep
MultiByteToWideChar
WideCharToMultiByte
WritePrivateProfileStringA
GetSystemDirectoryA
DeleteFileA
GetPrivateProfileStringA
CreateThread
CloseHandle

user32

RegisterWindowMessageA
DeregisterShellHookWindow
GetClientRect
GetDC
SetWindowLongA
GetClassNameA
GetWindowTextA
RegisterShellHookWindow
GetWindowRect
CallWindowProcA
ReleaseDC
GetDesktopWindow
EnumWindows
GetWindowThreadProcessId
GetParent

ws2_32

WSACleanup
send
recv
socket
inet_addr
htons
connect
gethostbyname
closesocket
inet_ntoa
WSAStartup

shell32

ShellExecuteA

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA

gdiplus

GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFree
GdipAlloc
GdipCloneImage
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFile

Exports

Exports

KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dd57136395d09e35a01908e344cfc3d

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

shell32

gdi32

gdiplus

Exports

Exports

Sections

.data Size: 17KB - Virtual size: 16KB

.reloc Size: 1KB - Virtual size: 1KB

.data
Size: 17KB - Virtual size: 16KB

.reloc
Size: 1KB - Virtual size: 1KB