ee80045df5bbeb48727d941eeec32a21_JaffaCakes118

General

Target

ee80045df5bbeb48727d941eeec32a21_JaffaCakes118
Size

336KB
MD5

ee80045df5bbeb48727d941eeec32a21
SHA1

1f5c4b5002a3b988e8972dbc7eb8d6fb957aa76f
SHA256

2a58f43d9dfde09c418190216bb6c3b75fed54cdc177c9fffcbc18b55868ff1d
SHA512

63a16aabe168738356c112db594a74fc6e6b2006e00a5100ac963b07f731a9df76e77d4515b57ccd7362e826e44830d479371ba7d292dea19506f557beb26a66
SSDEEP

6144:3CFpcPxjawPbMzaaTjGcBkLzj/LpclLwMOPX40jirLjmAQFf2aicocRcE:SFKvMzT62kL31clsXf40J/FXicBRcE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee80045df5bbeb48727d941eeec32a21_JaffaCakes118

Files

ee80045df5bbeb48727d941eeec32a21_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d05fe1f34b84cad3433688f98932075f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetConsoleInputExeNameA
GlobalDeleteAtom
GetProcessId
LZSeek
GetEnvironmentStringsA
GlobalFlags
lstrlenA
WriteConsoleA
OpenFileMappingA
GetModuleHandleA
SetConsoleHardwareState
GetConsoleKeyboardLayoutNameA
SetThreadIdealProcessor
SetThreadPriority
GetStringTypeExA
SetLocalPrimaryComputerNameA
SetTapePosition
IsValidLocale
GetThreadTimes
GetProcessTimes
WaitForSingleObject
IsDebuggerPresent
GetFullPathNameA
ReadConsoleInputA
SetThreadAffinityMask
GetFileSizeEx
InterlockedDecrement
UpdateResourceA
LockFile
EnumResourceTypesA
lstrcmpA
ReadConsoleA
SetVolumeMountPointA
SetConsoleTextAttribute
lstrcpy
FindVolumeClose
ReadConsoleOutputAttribute
Module32Next
GetNamedPipeHandleStateA
Heap32First
TransmitCommChar
ConnectNamedPipe
FindAtomA
HeapSummary
IsBadReadPtr
SetCommTimeouts
WriteConsoleOutputAttribute
GetTapeParameters
lstrlenA
PulseEvent
GetFileType
ResetWriteWatch
GetConsoleMode
VirtualAlloc
GetSystemTime
ClearCommBreak
EnumResourceNamesA
MapUserPhysicalPagesScatter
SetCommState
FindClose
OpenWaitableTimerA
EnumResourceLanguagesA
GetPrivateProfileStringA
SetDefaultCommConfigA
HeapValidate
LocalUnlock
GetCurrentProcessId
GetEnvironmentVariableA
MoveFileExW

wininet

FtpSetCurrentDirectoryW
FtpSetCurrentDirectoryW

winmm

timeGetTime
timeBeginPeriod

Sections

.idata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 324KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d05fe1f34b84cad3433688f98932075f

Headers

File Characteristics

Imports

kernel32

wininet

winmm

Sections

.idata Size: - Virtual size: 2KB

.text Size: 324KB - Virtual size: 331KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.idata
Size: - Virtual size: 2KB

.text
Size: 324KB - Virtual size: 331KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB