29ee6d9a7d58e2fbf51305b23c409ef6_JaffaCakes118

General

Target

29ee6d9a7d58e2fbf51305b23c409ef6_JaffaCakes118
Size

34KB
MD5

29ee6d9a7d58e2fbf51305b23c409ef6
SHA1

5fb4a84b95e6a89842c190dcc8e31645a442e6bf
SHA256

ceb2f0d742871d03971c06b14d3da53d61030dd3451880d70890585fa86477cb
SHA512

8db608e49c77b68024079a4bf0ff8e4521c74d20dac2b6312c3812136642d82498e92c11550d1f8c40c7370b384e9e667365d3dc4e8d6c097c780cdc4b454819
SSDEEP

384:hav2SUAJERK1GMxTX34K6bbKnJ6S7IQQI98BGiHrJzSJ9RXBhqUH7SRXncjTg6WX:hdqEk0gTX34K6bbLS8QQIwAPpnqUzWw8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29ee6d9a7d58e2fbf51305b23c409ef6_JaffaCakes118

Files

29ee6d9a7d58e2fbf51305b23c409ef6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

94c8b265d734a5f1ffb9a76e3ec4c791

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenThread
GetCurrentProcessId
Thread32First
CreateToolhelp32Snapshot
Sleep
CreateThread
GetModuleFileNameA
WideCharToMultiByte
ReadProcessMemory
GetProcAddress
LoadLibraryA
GetTempPathA
SetThreadPriority
GetFileSize
ReadFile
CreateFileA
GetThreadContext
GetProcessHeap
HeapAlloc
GetLastError
GetModuleHandleA
SetThreadContext
AddVectoredExceptionHandler
CloseHandle
Thread32Next
VirtualProtect
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection

msvcrt

wcscpy
wcsncat
wcslen
wcsstr
strrchr
strcat
malloc
_except_handler3
strchr
_vsnprintf
isspace
isalnum
wcscat
atoi
exit
__dllonexit
_onexit
_initterm
_adjust_fdiv
free
_strlwr
mbstowcs
wcscmp
strstr
_stricmp
strncpy
strlen
sprintf
strcpy
memcpy
__CxxFrameHandler
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
_strcmpi

gdiplus

GdiplusStartup
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders

gdi32

DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA

wsock32

closesocket
shutdown

user32

wsprintfA
GetForegroundWindow
GetClassNameW
GetWindow

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94c8b265d734a5f1ffb9a76e3ec4c791

Headers

File Characteristics

Imports

kernel32

msvcrt

gdiplus

gdi32

wsock32

user32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 1KB