3acbe7fb11093dbdbe2673e4f7268045_JaffaCakes118

General

Target

3acbe7fb11093dbdbe2673e4f7268045_JaffaCakes118
Size

32KB
MD5

3acbe7fb11093dbdbe2673e4f7268045
SHA1

c86d9b90afa24aec493a84d06bf5c8d35860f9f9
SHA256

e5a2ed772294b959c0af607c629e838bb5a6561f5eb02db3e9450bcade28bdb6
SHA512

b68bdd48b6761a3f51a63e8d5c4f2286a86dff959d309631f9707483e4828d6937d9f244d02966513a71afba97267b62104963c9ab7ba433b064be6d22c87f23
SSDEEP

384:kYBS7dKMvsx3lQ4Jmz3rg6tPuDoodEpNzLPdc4BnA1oRviCkfwWU:ZMo3lQ4EbgaPioo+zLP7BA1UXkfVU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3acbe7fb11093dbdbe2673e4f7268045_JaffaCakes118

Files

3acbe7fb11093dbdbe2673e4f7268045_JaffaCakes118
.dll windows:4 windows x86 arch:x86

488b12bbe7a0ffdf865acacace82ac9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
ExitProcess
GetModuleFileNameA
Sleep
WaitForMultipleObjects
GetDriveTypeA
GetLogicalDriveStringsA
CloseHandle
WriteFile
GetFileSize
SetFilePointer
GetPrivateProfileStringA
GetCurrentProcessId
CreateThread
UnmapViewOfFile
MapViewOfFile
GetLastError
VirtualFree
VirtualAlloc
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
GetCurrentProcess
ResumeThread
SuspendThread
TerminateThread

user32

GetWindowThreadProcessId
GetForegroundWindow
GetClassNameA

msvcrt

free
_ltoa
_strlwr
_strcmpi
strlen
atol
strchr
_except_handler3
strcpy
strstr
strrchr
sprintf
memcpy
memset
strcat
_strupr
realloc
wcslen
wcscmp
malloc
rand

Exports

Exports

Init
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

488b12bbe7a0ffdf865acacace82ac9d

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 1KB