00d62aa21f688d78a84c7176d7005ed6_JaffaCakes118

General

Target

00d62aa21f688d78a84c7176d7005ed6_JaffaCakes118
Size

47KB
MD5

00d62aa21f688d78a84c7176d7005ed6
SHA1

a7814805986011a6332e1c64d934ec5c6f7e2c1a
SHA256

d7f88158fa4f5bae4a2067bedecbb20d25e85f9531f70c0ed9abb2acc1c6fc0b
SHA512

73fb9dc6be67f0f6a606640bd1dcb9196adb199b76d423d0e457c23a9047817ff505f848157145ad83531e4ba2e2e05687801be657326284c3cb4db393220e8b
SSDEEP

768:njjSAI/5RhuBES+vTpI3SgU9jdBwRv5QxZ1dpYjcVmAeHM+B5W/H:n6AI/5H8+K3vQhiRv5AMcreX5e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00d62aa21f688d78a84c7176d7005ed6_JaffaCakes118

Files

00d62aa21f688d78a84c7176d7005ed6_JaffaCakes118
.dll windows:8 windows x86 arch:x86

28bcdecf7379af84a0c1bb1b1986a866

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeEnvironmentStringsA
GetSystemInfo
GetCurrentProcess
SwitchToThread
ReadFileEx
HeapReAlloc
GetProcessHeaps
CompareStringA
GetModuleHandleA
SetFilePointer
WriteFile
LocalAlloc
InitializeCriticalSection
CreateFileMappingA
GetFileAttributesA
ReadFile
WaitForMultipleObjects
GetEnvironmentStringsA
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetThreadContext
GetFileAttributesExA
CopyFileA
CreateFileA
SetFilePointerEx
ConnectNamedPipe
UnmapViewOfFile
lstrcmpA
OpenThread
MapViewOfFile
HeapQueryInformation
HeapAlloc

d3drwrbk

ILCombine
ILRemoveLastID
OpenAs_RunDLL
ImmGetIMEFileNameA
SdbReadDWORDTag
ImmShowSoftKeyboard
SdbTagToString
CtfImmIsTextFrameServiceDisabled
RestartDialog
PathGetShortPath
PifMgr_CloseProperties
CtfAImmDeactivate
ImmEscapeA
ImmGetCompositionWindow
SdbReadBYTETag
InternalExtractIconListA
ImmPenAuxInput
ImmProcessKey
ImmUnlockIMCC
SdbInitDatabase
ImmSetCandidateWindow
ImmSetActiveContext
RegenerateUserEnvironment
CtfImmIsCiceroStartedInThread
ImmCreateIMCC
SetPermLayers
ImmGetCandidateWindow
CtfImmCoUninitialize

Exports

Exports

CreateProcessNotify
atmatrol

Sections

.text
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28bcdecf7379af84a0c1bb1b1986a866

Headers

File Characteristics

Imports

kernel32

d3drwrbk

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 34KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB