df4ba6b9aedbff21edb41c84af084a17_JaffaCakes118

General

Target

df4ba6b9aedbff21edb41c84af084a17_JaffaCakes118
Size

23KB
MD5

df4ba6b9aedbff21edb41c84af084a17
SHA1

5043a98d45b093246f488d3b32c92bce847d21bb
SHA256

2085edf000e09de2a6b63b0dfc366853248eecd7e7a880cad2d748f44fef4990
SHA512

304c3c7558bdab9ca6b05c7d20dd1ceeed00610fdbc7260250cd90da4b5981a9d7a20654852148ee7652a9d68d4f9dfd8777f252094e454987da013644548344
SSDEEP

384:gVNPXZpJlDzOz/yRW1IijyC5I/vZRqjxTTbYB7dFMRLJc63D7FHvl:MZ7e/yRWOC5IMxToB7AR6W71vl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df4ba6b9aedbff21edb41c84af084a17_JaffaCakes118

Files

df4ba6b9aedbff21edb41c84af084a17_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8243a6caf325a4502aea0ca2494beb98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
GetFileAttributesW
ReadProcessMemory
VirtualQueryEx
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileA
SetFilePointer
HeapAlloc
GetProcessHeap
GetWindowsDirectoryA
GetProcAddress
DeleteFileA
GetModuleHandleA
FindClose
FindFirstFileA
FreeLibrary
CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
OpenProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
Sleep
LoadLibraryA

user32

GetDC
GetWindowRect
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetClassNameW
GetWindow
wsprintfA

msvcrt

_strupr
_strcmpi
free
strcpy
memset
malloc
fclose
fgets
fopen
memcpy
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
ftell
fseek
mbstowcs
strstr
rand
srand
time
wcslen
wcsncat
wcscpy
wcsstr
strncpy
exit
_except_handler3
strrchr
strlen
_local_unwind2
tolower
_vsnprintf

wininet

InternetCloseHandle

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

Exports

Exports

Install
Uninstall

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8243a6caf325a4502aea0ca2494beb98

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

wininet

gdi32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 2KB

shared Size: 512B - Virtual size: 4B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 2KB

shared
Size: 512B - Virtual size: 4B

.reloc
Size: 1KB - Virtual size: 1KB