d42768b65e37f3454414dc9e802f6bee_JaffaCakes118

General

Target

d42768b65e37f3454414dc9e802f6bee_JaffaCakes118
Size

47KB
MD5

d42768b65e37f3454414dc9e802f6bee
SHA1

45d61d7cd988401ce971864822f27255d1aaf2ee
SHA256

ee06263cdf9d06fa546d1c0f10f2f1d9a427f7dd0fe6165b923b712b700cfc04
SHA512

b68f1f8e79882021954d328ba73f1f5251f6ab2aa83d8628495ac8b5a9ae7fbdc00315f3f389608c42974ec753bbfc56b688f18714623e1b5756b1c1bfc9065e
SSDEEP

768:Xm8UvCgJk8FXqIIjxjM0vJFExTSExy181JNcFsInEJPRI3LheKN5DHBkfAQvYdnS:Q3k89IjxjMAFOT3y18ijEVi3045DHMA0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d42768b65e37f3454414dc9e802f6bee_JaffaCakes118

Files

d42768b65e37f3454414dc9e802f6bee_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a49c9ed3a801462e2924910d9f3e91fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

cfgmldlg

SdbTagToString
ImmGetCompositionWindow
SdbReadBinaryTag
FindExecutableA
RealDriveType
PathProcessCommand
CtfImmIsGuidMapEnable
ImmWINNLSGetIMEHotkey
ImmUnregisterWordA
CtfImmGenerateMessage
CtfImmDispatchDefImeMessage
ImmGetRegisterWordStyleA
ImmSetCompositionWindow
DllRegisterServer
SdbFindNextTagRef
CtfImmIsTextFrameServiceDisabled
ShimFlushCache

kernel32

FreeEnvironmentStringsA
InterlockedCompareExchange
GetEnvironmentStringsA
GetCurrentProcessId
SetThreadExecutionState
ReadFile
CreateFileA
SetCurrentDirectoryA
GetThreadPriorityBoost
SetFilePointer
HeapDestroy
VirtualQuery
RtlFillMemory
GetSystemTimeAsFileTime
SetThreadContext
ExpandEnvironmentStringsA
WriteFileEx
InterlockedExchangeAdd
WriteFile
OpenThread
GetModuleHandleA
ReadFileScatter
MapViewOfFile
GetVersion
lstrcmpA
HeapAlloc
InterlockedExchange
WaitForSingleObject
HeapCreate
GetStringTypeExA
GetFileAttributesExA
WaitForMultipleObjects
HeapSetInformation
CreateFileMappingA
lstrcatA
ConnectNamedPipe
UnmapViewOfFile
CallNamedPipeA
HeapFree

Exports

Exports

CreateProcessNotify
cacltcut

Sections

.text
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a49c9ed3a801462e2924910d9f3e91fb

Headers

File Characteristics

Imports

cfgmldlg

kernel32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 35KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB