fb9383a9dc4219bc03bb595eabc0879f_JaffaCakes118

General

Target

fb9383a9dc4219bc03bb595eabc0879f_JaffaCakes118
Size

47KB
MD5

fb9383a9dc4219bc03bb595eabc0879f
SHA1

38d23367974467928b23e1c5780bc47fea9f9532
SHA256

79866adb4a2253fa8f092d50cb93ee1bd0d1bd55649ae3b5f5ff24e3ed57119b
SHA512

43ae3d0fb117d7e79f4c534b744400db8946625cf577001e75b24609cff1263693ddb999cd49c3339b7ef30d2f67c6da90eecf27aa0957953852c903a41ba6e4
SSDEEP

768:UhidWKPv/JsdkkD+uN5/22ePrRpQaqjsr8SDUdPVz2L8JfL30F:UcdXv/JsXDf5OxRxqjsr8tdPVKLoDEF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb9383a9dc4219bc03bb595eabc0879f_JaffaCakes118

Files

fb9383a9dc4219bc03bb595eabc0879f_JaffaCakes118
.dll windows:0 windows x86 arch:x86

b75ba800df6920b89d776c93560201f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
GetEnvironmentStringsA
GetStringTypeExA
CreateThread
ReadFile
FreeEnvironmentStringsA
MapViewOfFile
SetThreadExecutionState
SetFilePointerEx
WriteFile
WaitForMultipleObjects
CreateFileMappingA
PostQueuedCompletionStatus
SetFilePointer
GetModuleHandleA
GetQueuedCompletionStatus
OpenThread
SetThreadPriorityBoost
RtlMoveMemory
lstrcpynA
ExitThread
CreateFileA
GetVersion
InterlockedIncrement
GetSystemTimeAsFileTime
lstrcatA
CreateIoCompletionPort
InterlockedDecrement
VirtualQuery
GetCurrentProcessId

mfcstxdm

PathIsExe
DragQueryFileA
SdbGetStandardDatabaseGUID
ImmReSizeIMCC
ImmActivateLayout
ReadCabinetState
ILCloneFirst
PathQualify
CtfAImmDeactivate
FreeIconList
CtfImmEnterCoInitCountSkipMode
SdbResolveDatabase
ExtractIconA
DAD_SetDragImage
ImmWINNLSEnableIME
DAD_AutoScroll
ImmGetCompositionFontA
RegenerateUserEnvironment
ShimDumpCache
ImmSendIMEMessageExA
ExtractAssociatedIconExA
ImmSetCompositionWindow
SdbTagRefToTagID
ILFree
SdbReadDWORDTag
ImmDisableIME

Exports

Exports

CreateProcessNotify
dns-GDI

Sections

.text
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b75ba800df6920b89d776c93560201f3

Headers

File Characteristics

Imports

kernel32

mfcstxdm

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB