16440154ffbc8503594ef7420b93c176_JaffaCakes118

General

Target

16440154ffbc8503594ef7420b93c176_JaffaCakes118
Size

47KB
MD5

16440154ffbc8503594ef7420b93c176
SHA1

c663fb3c7e68a08106d305c6c1e09b077a6b0eb0
SHA256

dbad4ce01e4fe764409829275a06c8f289d8986e54b08757df846319a4775e9d
SHA512

5e640a5f6396bf95b06fcb2a5ec31c628dd4e513e1bf5c5bf34eb7af8d9764d492ec5e7a5c47145946fbc9b2270b0fa663180ae96102f30eaec7e8353aef1dd8
SSDEEP

768:UhidWKPv/JsdkkD+uN5/22ePrRpQaqjsr8SDUdPVzyL8JfL30F:UcdXv/JsXDf5OxRxqjsr8tdPVmLoDEF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16440154ffbc8503594ef7420b93c176_JaffaCakes118

Files

16440154ffbc8503594ef7420b93c176_JaffaCakes118
.dll windows:0 windows x86 arch:x86

b75ba800df6920b89d776c93560201f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
GetEnvironmentStringsA
GetStringTypeExA
CreateThread
ReadFile
FreeEnvironmentStringsA
MapViewOfFile
SetThreadExecutionState
SetFilePointerEx
WriteFile
WaitForMultipleObjects
CreateFileMappingA
PostQueuedCompletionStatus
SetFilePointer
GetModuleHandleA
GetQueuedCompletionStatus
OpenThread
SetThreadPriorityBoost
RtlMoveMemory
lstrcpynA
ExitThread
CreateFileA
GetVersion
InterlockedIncrement
GetSystemTimeAsFileTime
lstrcatA
CreateIoCompletionPort
InterlockedDecrement
VirtualQuery
GetCurrentProcessId

mfcstxdm

PathIsExe
DragQueryFileA
SdbGetStandardDatabaseGUID
ImmReSizeIMCC
ImmActivateLayout
ReadCabinetState
ILCloneFirst
PathQualify
CtfAImmDeactivate
FreeIconList
CtfImmEnterCoInitCountSkipMode
SdbResolveDatabase
ExtractIconA
DAD_SetDragImage
ImmWINNLSEnableIME
DAD_AutoScroll
ImmGetCompositionFontA
RegenerateUserEnvironment
ShimDumpCache
ImmSendIMEMessageExA
ExtractAssociatedIconExA
ImmSetCompositionWindow
SdbTagRefToTagID
ILFree
SdbReadDWORDTag
ImmDisableIME

Exports

Exports

CreateProcessNotify
autoycfg

Sections

.text
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b75ba800df6920b89d776c93560201f3

Headers

File Characteristics

Imports

kernel32

mfcstxdm

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB