127ce048627abc0c6e599b16334a6f24_JaffaCakes118

General

Target

127ce048627abc0c6e599b16334a6f24_JaffaCakes118
Size

160KB
MD5

127ce048627abc0c6e599b16334a6f24
SHA1

ddc099b88460379e0d6dc85b73966b6019b30d8c
SHA256

62fde5039bd5be38e244900f5ae81567cf1e4d628bf0e9d0e0a6ad675853581c
SHA512

55f03242c83cf4573d5da3d10112bb6b1ad717bbb02dc8b9f2477cf453c30baa180a5684d2c608dd145715dcc8534675c6f4cc4e4fe2c2a05d079d4c88c2983b
SSDEEP

3072:OP/bQiOGbQ1PUMA4LK3zIAO6uiDMy4RL89IkkF8xgEhuM:OP/Vt2NLKvnuqMywkk/Eh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
127ce048627abc0c6e599b16334a6f24_JaffaCakes118

Files

127ce048627abc0c6e599b16334a6f24_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4eff41a005fb149247033c4b1aa53f8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcessId

user32

PostMessageA
IsWindow
RegisterWindowMessageA

msvcr80

memset
isupper
isalpha
memmove
fputs
fprintf
_chdrive
toupper
atoi
strtok
fclose
fread
ftell
fseek
fopen
memcpy
realloc
__iob_func
_tempnam
remove
_setjmp3
_CIpow
tolower
vfprintf
strncmp
fgetc
sscanf
fwrite
vprintf
fflush
fsetpos
fgets
fgetpos
feof
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
strtol
sprintf
isdigit
malloc
free
longjmp
strrchr
strchr
_access
_chdir
_stricmp
isspace
_strdup

Exports

Exports

Compile
pc_addconstant
pc_addtag
pc_compile
pc_enablewarning

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4eff41a005fb149247033c4b1aa53f8e

Headers

File Characteristics

Imports

kernel32

user32

msvcr80

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 106KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 108KB - Virtual size: 106KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 12KB - Virtual size: 8KB