112762913217920db397a5ec8934b34f_JaffaCakes118

General

Target

112762913217920db397a5ec8934b34f_JaffaCakes118
Size

92KB
MD5

112762913217920db397a5ec8934b34f
SHA1

765ee6d684527a4a97f5994e57f8f6524b7c5883
SHA256

e8af2dc2f66af343450e95da57b380c9dcb14364b451c0ec919037b2ef59d0ff
SHA512

d0f620434918b6a1de16c2898b20f0f81e1ecdc34131ddc39cf806dff821ed452e2e6c9b55b178ad9b76e44ed5e71c5c1af063a2799d764e0a53f3e887573331
SSDEEP

1536:HQFqaknOzaRIrcB1tfypeumDPY3IOpUz6YR/OxVF:HT6aRIr9mbyIOpi6YdOh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
112762913217920db397a5ec8934b34f_JaffaCakes118

Files

112762913217920db397a5ec8934b34f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

815907ab3a04e0061fabd26ff65e0e3d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset
_vsnprintf
tolower
_except_handler3
memcpy
malloc
exit
strrchr
wcsstr
wcscpy
wcsncat
strstr
time
srand
rand
strcat
wcslen
strcmp
strncpy
free
_stricmp
strlen
mbstowcs
fopen
fseek
ftell
fclose
??2@YAPAXI@Z
wcscmp
??3@YAXPAX@Z
strcpy
sprintf
_strupr
_strcmpi

gdi32

CreateDCA
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC

kernel32

SetFilePointer
CloseHandle
GetFileSize
ReadFile
WideCharToMultiByte
GetFileAttributesW
GetTempPathA
DeleteFileA
GetModuleFileNameA
GetPrivateProfileStringA
OpenProcess
HeapAlloc
GetProcessHeap
MultiByteToWideChar
lstrlenA
Sleep
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetCurrentProcess
TerminateProcess

user32

wsprintfA
GetWindow
GetClassNameW
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetDC
GetWindowRect

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

815907ab3a04e0061fabd26ff65e0e3d

Headers

File Characteristics

Imports

msvcrt

gdi32

kernel32

user32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB