2c4daa6f3acbc7903fdbd5227f228039_JaffaCakes118

General

Target

2c4daa6f3acbc7903fdbd5227f228039_JaffaCakes118
Size

47KB
MD5

2c4daa6f3acbc7903fdbd5227f228039
SHA1

3853cf526135a192a86478ffaa7ae71a7adbc192
SHA256

df2955c0bda348ff356b7c1fd3612491b4c3856184d9d975da28451f8a8f6c86
SHA512

379b30a5ad90e2caf916d946a7093a8e9608dec5702b884026a693762bd48948642dee9b11229e754d42930f2944110460896105e45a7a4b022979f4f27cacde
SSDEEP

768:njjSAI/5RhuBES+vTpI3SgU9jdBwRv5QxZ1dpYjcVmA1HM+B5W/H:n6AI/5H8+K3vQhiRv5AMcr1X5e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c4daa6f3acbc7903fdbd5227f228039_JaffaCakes118

Files

2c4daa6f3acbc7903fdbd5227f228039_JaffaCakes118
.dll windows:8 windows x86 arch:x86

28bcdecf7379af84a0c1bb1b1986a866

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeEnvironmentStringsA
GetSystemInfo
GetCurrentProcess
SwitchToThread
ReadFileEx
HeapReAlloc
GetProcessHeaps
CompareStringA
GetModuleHandleA
SetFilePointer
WriteFile
LocalAlloc
InitializeCriticalSection
CreateFileMappingA
GetFileAttributesA
ReadFile
WaitForMultipleObjects
GetEnvironmentStringsA
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetThreadContext
GetFileAttributesExA
CopyFileA
CreateFileA
SetFilePointerEx
ConnectNamedPipe
UnmapViewOfFile
lstrcmpA
OpenThread
MapViewOfFile
HeapQueryInformation
HeapAlloc

d3drwrbk

ILCombine
ILRemoveLastID
OpenAs_RunDLL
ImmGetIMEFileNameA
SdbReadDWORDTag
ImmShowSoftKeyboard
SdbTagToString
CtfImmIsTextFrameServiceDisabled
RestartDialog
PathGetShortPath
PifMgr_CloseProperties
CtfAImmDeactivate
ImmEscapeA
ImmGetCompositionWindow
SdbReadBYTETag
InternalExtractIconListA
ImmPenAuxInput
ImmProcessKey
ImmUnlockIMCC
SdbInitDatabase
ImmSetCandidateWindow
ImmSetActiveContext
RegenerateUserEnvironment
CtfImmIsCiceroStartedInThread
ImmCreateIMCC
SetPermLayers
ImmGetCandidateWindow
CtfImmCoUninitialize

Exports

Exports

CreateProcessNotify
dmretdde

Sections

.text
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28bcdecf7379af84a0c1bb1b1986a866

Headers

File Characteristics

Imports

kernel32

d3drwrbk

Exports

Exports

Sections

.text Size: 34KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 34KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB