032d801a813818edd2d6fd479530ac10_JaffaCakes118

General

Target

032d801a813818edd2d6fd479530ac10_JaffaCakes118
Size

23KB
MD5

032d801a813818edd2d6fd479530ac10
SHA1

15bf842f91a0f8423d8db953ca520a7b2c2fcc5f
SHA256

b868d80e755b5cf983528505f21ddfe0acd8700ebbb916261b3ccb1ea32b4d10
SHA512

58ddcf590d2a63eef7c703713da2a0b432c6e393fb3570f89a4b75292fcb96449e07c9cca4faf5311bff4770e30858fa45364328e9549c09a4639ed69b0ba952
SSDEEP

384:Jwbd6ySa/UCLc2/Cp4KX9QdrtlU3mzIyk68qq+ZdcAl/JwM:JuBIFR68243mzIHExLwM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
032d801a813818edd2d6fd479530ac10_JaffaCakes118

Files

032d801a813818edd2d6fd479530ac10_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d779e1bea3694905e199b095d9f1cb4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetLastError
ReadFile
GetFileSize
CreateFileA
GetPrivateProfileStringA
lstrcpynA
FindClose
FindFirstFileA
CreateMutexA
GetCurrentProcessId
SetFilePointer
VirtualProtect
GetSystemDirectoryA
GetProcAddress
GetProcessHeap
HeapAlloc
OutputDebugStringA
GetModuleHandleA
WritePrivateProfileStringA
WideCharToMultiByte
OpenProcess
VirtualQueryEx
ReadProcessMemory
GetFileAttributesW
CloseHandle
GetTempPathA
CreateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleFileNameA
Sleep

msvcrt

exit
printf
free
malloc
sprintf
__CxxFrameHandler
memcpy
_vsnprintf
__dllonexit
_onexit
_initterm
_adjust_fdiv
_strcmpi
wcsstr
wcscpy
wcsncat
wcslen
strcat
strrchr
strstr
strncpy
_except_handler3
strcpy
strlen
mbstowcs
??2@YAPAXI@Z
wcscmp
??3@YAXPAX@Z
memset

gdiplus

GdipSaveImageToFile
GdiplusStartup
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

user32

wsprintfA
GetClassNameW
GetForegroundWindow
GetWindow

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d779e1bea3694905e199b095d9f1cb4a

Headers

File Characteristics

Imports

kernel32

msvcrt

gdiplus

gdi32

user32

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 1KB