dd66d76444e0c0af0f0668b66c4aa4c6_JaffaCakes118

General

Target

dd66d76444e0c0af0f0668b66c4aa4c6_JaffaCakes118
Size

42KB
MD5

dd66d76444e0c0af0f0668b66c4aa4c6
SHA1

3d581376c708572d2c3582ce7acc3311666a22dc
SHA256

f0e317e505a78226fa4e9938a7c896d5b03b4f2bf30937b7454ab3ea0d6c768d
SHA512

ec27cea7877e555770a916351f8b91044810dd12c9725bb1e6af5202f532f402ba1f2ba0a5fa76c52f2229665c89897b67bc5a7c51852f646df5cecb4c20fd90
SSDEEP

768:wqqt1iIujSoFlXrV92dVqd2AgtGl1MXhUVQCUbhQdRRIt:wLujSgLoVqd2AbzwUVQydn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd66d76444e0c0af0f0668b66c4aa4c6_JaffaCakes118

Files

dd66d76444e0c0af0f0668b66c4aa4c6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d2f65b85b3abe616321cbb849446a636

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualLock
VirtualProtect
GetFileInformationByHandle
SwitchToFiber
FindFirstVolumeMountPointW
Heap32ListNext
GetEnvironmentStringsA
FlushInstructionCache
Module32FirstW
GetEnvironmentVariableA
GlobalAddAtomW
PrivCopyFileExW
CreateProcessW
GetLastError
FindFirstVolumeA
GetVolumeNameForVolumeMountPointA

user32

DestroyMenu
SetTimer
BeginPaint
UserRegisterWowHandlers
DrawIconEx
SendMessageCallbackA
EndTask
MessageBoxIndirectA
GetWindowRect
DdeCreateStringHandleW
GetMenuItemInfoW
ReplyMessage
DefDlgProcW
PostMessageA
DefMDIChildProcA
LoadImageW
VkKeyScanExW
OpenClipboard
InsertMenuW
SoftModalMessageBox
GetClipboardOwner
GetKeyNameTextA
LoadIconA
GetWindowDC
DdeCreateStringHandleA
DestroyIcon

gdi32

GdiRealizationInfo
GetCharWidthInfo
EngCreateClip
EnumObjects
GetCurrentPositionEx
XLATEOBJ_piVector
GdiEndPageEMF
GdiConvertBrush
GdiPlayPrivatePageEMF
GetRgnBox
ResetDCA
PATHOBJ_vEnumStart
GdiEntry5
CreateDIBitmap
SetROP2
GetDeviceCaps
CreateFontA
EudcLoadLinkW
GetTextExtentExPointA
UpdateColors
CreateICW
BRUSHOBJ_hGetColorTransform
SetICMProfileA
RemoveFontMemResourceEx

comdlg32

Ssync_ANSI_UNICODE_Struct_For_WOW
ReplaceTextA
FindTextW
PrintDlgW
PrintDlgExA
LoadAlterBitmap
PageSetupDlgA
ChooseFontW
ChooseFontA
PageSetupDlgW
dwOKSubclass
PrintDlgA
GetSaveFileNameW
ReplaceTextW
CommDlgExtendedError
WantArrows
GetFileTitleA

Sections

.text
Size: 4KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d2f65b85b3abe616321cbb849446a636

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

Sections

.text Size: 4KB - Virtual size: 1.0MB

.data Size: 34KB - Virtual size: 36KB

.idata Size: 2KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 1.0MB

.data
Size: 34KB - Virtual size: 36KB

.idata
Size: 2KB - Virtual size: 4KB