d57399d58253449739cc4274d5b706ed_JaffaCakes118

General

Target

d57399d58253449739cc4274d5b706ed_JaffaCakes118
Size

32KB
MD5

d57399d58253449739cc4274d5b706ed
SHA1

59387dabcc2c91fd9015563973ef7a9fd4ce9d53
SHA256

440ab360e7570c024f56beeecc74e95e341ae08dc6b9e977d706418235a2b84a
SHA512

12d6e06e9be2d518c61d51f2ef6e7a40d7cf6c057c99dc419a6bd2df1642fe9457b8c8597162a7cee4789bcef8256620557f580cfd4fd23cd8b9bbec95061e62
SSDEEP

768:dvfZawN28BUgBmZo2HTDuosaaAKXOPPPJ:1L28Guo4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d57399d58253449739cc4274d5b706ed_JaffaCakes118

Files

d57399d58253449739cc4274d5b706ed_JaffaCakes118
.dll windows:4 windows x86 arch:x86

16812127b1902e371fb8486077cac49d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
ExitProcess
GetModuleFileNameA
WaitForMultipleObjects
GetDriveTypeA
GetLogicalDriveStringsA
CloseHandle
WriteFile
GetFileSize
SetFilePointer
VirtualFree
IsBadReadPtr
Sleep
CreateThread
GetCurrentProcessId
UnmapViewOfFile
MapViewOfFile
GetLastError
VirtualAlloc
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
GetCurrentProcess
ResumeThread
SuspendThread
WaitForSingleObject
ResetEvent
InterlockedIncrement
SetThreadPriority
GetPrivateProfileStringA
TerminateThread

msvcrt

strlen
atol
strchr
_except_handler3
strstr
strcat
strcpy
sprintf
memcpy
memset
??3@YAXPAX@Z
strrchr
free
realloc
wcslen
??2@YAPAXI@Z
wcscmp
malloc
rand
_strupr
_strlwr
_strcmpi
_ltoa

Exports

Exports

Init
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16812127b1902e371fb8486077cac49d

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 1KB