df32b24c11155b83e884a8742f49a42f_JaffaCakes118

General

Target

df32b24c11155b83e884a8742f49a42f_JaffaCakes118
Size

1.2MB
MD5

df32b24c11155b83e884a8742f49a42f
SHA1

8284996c7eee16e031d5cba4c91f53355005bb11
SHA256

def05259d8d2219bd153908d4288d35a945a22c33e8a4dfb468785995f1af46b
SHA512

f586fad76311cb07b572929716b39b0761fd7de8c1e14585195baf0c0b51dbde7871f0b5dd55d6e3711766389ae6ebad9691f05f71cce40b9906e7aca3c1e7a0
SSDEEP

24576:NP1DTggtWDqitLJDLi1KVKwwi0o7wdrh0kBF:N5ggw3tLpu1yKXih7kpH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df32b24c11155b83e884a8742f49a42f_JaffaCakes118

Files

df32b24c11155b83e884a8742f49a42f_JaffaCakes118
.exe windows:8 windows x86 arch:x86

be19d7c4c8ef6150f5f1d993779bfa97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

shell32

SHCloneSpecialIDList
PathGetShortPath
RealDriveType
PrintersGetCommand_RunDLL
SHGetDesktopFolder
PathQualify
DllUnregisterServer
DllInstall
PathCleanupSpec
PathYetAnotherMakeUniqueName
SHRestricted
SHOpenFolderAndSelectItems
DllCanUnloadNow
ILCloneFirst
SHCreateShellItem
SHGetImageList
DoEnvironmentSubstA
ShellExecuteEx
ILCreateFromPath
SHDoDragDrop
SHUpdateImageA
SHPropStgCreate
SHChangeNotify
SHHelpShortcuts_RunDLLA
GetFileNameFromBrowse
SHAddToRecentDocs

user32

GetDlgItem
SendMessageA
LoadMenuA
OffsetRect
SetProcessDefaultLayout
LoadStringA
RegisterClassExA
GetSubMenu
WinHelpA
GetMessageA
CreateWindowExA
CheckMenuItem
GetMenu
DefWindowProcA
EnableMenuItem
UpdateWindow
DestroyWindow
CreateDialogParamA
ShowWindow
DispatchMessageA
TranslateMessage
EnableWindow
EndDialog
CheckMenuRadioItem

kernel32

HeapDestroy
CreateMutexA
HeapFree
HeapSetInformation
VirtualFree
SetFilePointer
GetLastError
GetCurrentThreadId
InitializeCriticalSection
WaitForMultipleObjects
InterlockedDecrement
ReadFile
EnterCriticalSection
ReleaseMutex
GetEnvironmentVariableA
CreateNamedPipeA
CreateFileA
HeapLock
InterlockedIncrement
VirtualAlloc
ExitProcess
GetVersionExA
ConnectNamedPipe
GetNamedPipeInfo
HeapAlloc
OpenMutexA
HeapCreate
CloseHandle

Sections

.text
Size: 1004KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be19d7c4c8ef6150f5f1d993779bfa97

Headers

DLL Characteristics

File Characteristics

Imports

shell32

user32

kernel32

Sections

.text Size: 1004KB - Virtual size: 1004KB

.data Size: 161KB - Virtual size: 161KB

.rsrc Size: 30KB - Virtual size: 3.0MB

.text
Size: 1004KB - Virtual size: 1004KB

.data
Size: 161KB - Virtual size: 161KB

.rsrc
Size: 30KB - Virtual size: 3.0MB