254388b72d7ad1c28e952c57df789f56_JaffaCakes118

General

Target

254388b72d7ad1c28e952c57df789f56_JaffaCakes118
Size

104KB
MD5

254388b72d7ad1c28e952c57df789f56
SHA1

e2c02e14b175cd00e27f5ae147ceef8c5088cce8
SHA256

89fdbc5e48cce8444d9b4444a36ca1ef458c1caad0644a3ac73c483936ee9ded
SHA512

7c186d31f36eb9671cabc810eace2e8dc4ae486f3fde2b19a0e0e6bbbf962203936b490e7aea337e130b12e410b44a588fdab28d3f1792da3be3b52d5d3e6d3c
SSDEEP

3072:jCwz+tnHYZ0V0fZvdW3ASOE+xfKBjEVycL:2w6S0VqQ3AhE+xyBjEkcL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
254388b72d7ad1c28e952c57df789f56_JaffaCakes118

Files

254388b72d7ad1c28e952c57df789f56_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7df086de696731acece88bf5f9cfd9f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA

msvcrt

srand
time
_vsnprintf
tolower
strrchr
_except_handler3
memcpy
rand
malloc
free
exit
strncpy
wcsstr
wcscpy
wcsncat
strstr
wcslen
mbstowcs
fopen
fseek
ftell
fclose
??2@YAPAXI@Z
wcscmp
??3@YAXPAX@Z
strlen
sprintf
memset
_strcmpi
_strupr

kernel32

lstrlenA
MultiByteToWideChar
GetModuleHandleA
GetProcessHeap
HeapAlloc
SetFilePointer
CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
GetTempPathA
DeleteFileA
GetFileSize
ReadFile
WideCharToMultiByte
GetFileAttributesW
GetPrivateProfileStringA
Sleep
LoadLibraryA
FreeLibrary

user32

GetWindow
GetClassNameW
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
wsprintfA
GetDC
GetWindowRect

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7df086de696731acece88bf5f9cfd9f7

Headers

File Characteristics

Imports

gdi32

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 40KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 8KB