0f847f865aaba46c66f26b59b6505baa_JaffaCakes118

General

Target

0f847f865aaba46c66f26b59b6505baa_JaffaCakes118
Size

32KB
MD5

0f847f865aaba46c66f26b59b6505baa
SHA1

a84c6939729f444d7b0c4d1f4a717cae61712815
SHA256

dfdaaf45155a420050ec9f7c6050a31f605a844b1cdd52469fc557f12181c3dd
SHA512

e75991d8bfa2017a6840f8d5ccca10bb1b4df7d0accb94d295a4e289b441bd07c13c027a386d39ae5c3431f9e691cb81969704c2f84f364585060775ff391719
SSDEEP

384:dyqUPjHM91iOZuJsxcoEtaB2BjFKElkb8wVoHPVQ4anaoQEvq2KWoP+:d1UPpOlcoEABGjFTli1V6DaaoQEBn8+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f847f865aaba46c66f26b59b6505baa_JaffaCakes118

Files

0f847f865aaba46c66f26b59b6505baa_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4b41667bc51b2d1859e06fb8140ebb33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
ExitProcess
GetModuleFileNameA
WaitForMultipleObjects
GetDriveTypeA
GetLogicalDriveStringsA
CloseHandle
WriteFile
GetFileSize
SetFilePointer
VirtualFree
IsBadReadPtr
Sleep
CreateThread
GetCurrentProcessId
UnmapViewOfFile
MapViewOfFile
GetLastError
VirtualAlloc
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
GetCurrentProcess
ResumeThread
SuspendThread
WaitForSingleObject
ResetEvent
GetPrivateProfileStringA
TerminateThread

msvcrt

strlen
atol
strchr
_except_handler3
strstr
strcat
strcpy
sprintf
memcpy
memset
??3@YAXPAX@Z
strrchr
free
realloc
wcslen
??2@YAPAXI@Z
wcscmp
malloc
rand
_strupr
_strlwr
_strcmpi
_ltoa

Exports

Exports

Init
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b41667bc51b2d1859e06fb8140ebb33

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 1KB