eea8231183934e20f935cd7267206a9f_JaffaCakes118

General

Target

eea8231183934e20f935cd7267206a9f_JaffaCakes118
Size

80KB
MD5

eea8231183934e20f935cd7267206a9f
SHA1

cb1fd7b144de81092fbac8cf8fe340a8a7c2d776
SHA256

a9dcc07561d668c8e3e00f2b5735d10b5294a69c17002d3a822280de566705ad
SHA512

433d031c0faabf1d763bb2bcee2a131cb2892c7400400b3c1ed0dc7ca7e72ffddc8cb18825af98b853495dde52fe6b939eebb5deff3c81dcc4b8dd5678687ee2
SSDEEP

1536:mNG5BjXtcnf5cMEVLWZSM8G1vX+esygqj/XbAe49UOxHnBKHoQQ5h0S:aIbSf5cDUZSM7mgLTdyNnBKIQQ5h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eea8231183934e20f935cd7267206a9f_JaffaCakes118

Files

eea8231183934e20f935cd7267206a9f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4e4ff4c12dccece034c016258c21f354

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
HeapAlloc
CreateFileA
WriteFile
InterlockedExchange
GetCommandLineA
LoadLibraryA
GetTickCount
InterlockedCompareExchange
GetDiskFreeSpaceA
BeginUpdateResourceA
GetAtomNameA
CreateFileMappingW
GetVolumePathNamesForVolumeNameW
GetCommModemStatus
SetVolumeLabelA
GetShortPathNameW
FreeLibraryAndExitThread
DeleteVolumeMountPointW
GetProcessVersion
GetSystemWindowsDirectoryA
GetNumberFormatA
GetNumberOfConsoleInputEvents
WaitNamedPipeA
GetProfileStringW
GetLocalTime
GetModuleHandleExW
InitializeCriticalSection
ExpandEnvironmentStringsW
EscapeCommFunction
GetCalendarInfoW
GetVolumeInformationW
GetCurrentDirectoryW
BackupWrite
GetDateFormatA
GetCurrentActCtx
GetLongPathNameW
SetFileAttributesA
SetErrorMode
GetConsoleCP
OpenProcess

shlwapi

PathRemoveArgsW
StrToIntW
StrToIntA
SHSetValueA
PathIsUNCW
StrCatBuffW
StrCmpIW
PathIsUNCServerShareW
StrStrW

Exports

Exports

MSNEventppm

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e4ff4c12dccece034c016258c21f354

Headers

File Characteristics

Imports

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 2KB