0636c19f4c1f83586cf1e9885b1735fa_JaffaCakes118

General

Target

0636c19f4c1f83586cf1e9885b1735fa_JaffaCakes118
Size

80KB
MD5

0636c19f4c1f83586cf1e9885b1735fa
SHA1

26528d57a318d5eab1b2191bc4bcea2a08258da3
SHA256

8f6cd8d088d803340baf25890b5ac9f15e453c70388abdf6d7c7064f84dc4873
SHA512

b844172fdf02a219ae6eaf7bb51f270dabc974017c03b53012ae6585d43c91908c4011747e7e0811b9298ca83614914a470acd3140b9cd0a4e90b82c7fa02440
SSDEEP

1536:vF7ojyMi02JSuT/R4CM3nk+3N1/69TtkYyIgi/uvo26:v9QHuT/R4CM1DIpy0/uw2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0636c19f4c1f83586cf1e9885b1735fa_JaffaCakes118

Files

0636c19f4c1f83586cf1e9885b1735fa_JaffaCakes118
.dll windows:4 windows x86 arch:x86

13dd53c03253b441cd41fa902689caf2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SwitchToThread
DeleteFileA
GetUserDefaultLCID
FindNextFileA
IsValidLanguageGroup
FindFirstChangeNotificationW
FreeConsole
CreateToolhelp32Snapshot
GetFileSizeEx
GetLocaleInfoA
GetProfileIntA
EnumResourceLanguagesA
GetCommConfig
GlobalGetAtomNameA
GetFileTime
DeleteVolumeMountPointW
GetStartupInfoA
ClearCommError
SetCurrentDirectoryA
CreateDirectoryW
GetSystemTime
DeleteTimerQueueEx
FormatMessageW
SetFileTime
MoveFileA
BindIoCompletionCallback
GetOverlappedResult
FindVolumeClose
BeginUpdateResourceA
SetFilePointer
SetCommState
LockFile
FileTimeToDosDateTime
CompareStringW
FillConsoleOutputAttribute
GlobalGetAtomNameW
ExitThread
GetUserDefaultUILanguage
PeekConsoleInputW
WinExec
WaitNamedPipeA
GetCurrentActCtx
TerminateThread
lstrcpynW
LeaveCriticalSection
InterlockedDecrement
LocalFree
GetModuleFileNameA
WriteFile
ReleaseMutex
GetVolumeInformationA
lstrlenA
GetLastError
HeapAlloc
LoadLibraryA
GetProcAddress
CreateIoCompletionPort
InterlockedCompareExchange

advapi32

RegNotifyChangeKeyValue
IsTokenRestricted
NotifyBootConfigStatus
OpenEventLogW
RegDeleteValueW
DuplicateToken
RegEnumKeyW
RegisterServiceCtrlHandlerW
CredWriteDomainCredentialsW
SetThreadToken
LogonUserW
GetSecurityDescriptorSacl
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateAnonymousToken

Exports

Exports

LibMapSvcs

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13dd53c03253b441cd41fa902689caf2

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB