10fa6fc87532c0fd1699cb5f0a0f040e_JaffaCakes118

General

Target

10fa6fc87532c0fd1699cb5f0a0f040e_JaffaCakes118
Size

88KB
MD5

10fa6fc87532c0fd1699cb5f0a0f040e
SHA1

448bcdd03a1291ba0a5554842e50b404c1a78a26
SHA256

a15f9f9c5f25bbe18f92e8965b1ca50c2ca37b8710e48bd97539cc5c436a5337
SHA512

eaff8d1405d48b80c8e2a63c005e3bdecacfe31e745b9306b583db1aad24ea0eed42582c0e5d1f975d2d37ca79f854ba3505c017bcf968bbf627eb5b32ac588e
SSDEEP

1536:vudfC1M+mvM2lBJgsiklz4n3is3aK6anBTsEhCPtcd+:vifCaZM2lBplW3JhsE4P2d+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10fa6fc87532c0fd1699cb5f0a0f040e_JaffaCakes118

Files

10fa6fc87532c0fd1699cb5f0a0f040e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

024061ccd52ff6c03a0a2f694bed73ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
GetProcessHeap
LocalFree
Sleep
InterlockedCompareExchange
InterlockedExchange
LoadLibraryW
GetModuleFileNameW
UnhandledExceptionFilter
GetCommandLineA
DisableThreadLibraryCalls
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
HeapAlloc
HeapFree
RtlUnwind
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
VirtualQuery
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
HeapSize
LCMapStringA
GetSystemInfo

advapi32

RegCloseKey
RegCreateKeyW

ole32

CLSIDFromString
StringFromGUID2

rpcrt4

NdrDllGetClassObject

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

024061ccd52ff6c03a0a2f694bed73ed

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

rpcrt4

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 36KB - Virtual size: 69KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 36KB - Virtual size: 69KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB