3be46de148c45277ddc270b0be4f2759_JaffaCakes118

General

Target

3be46de148c45277ddc270b0be4f2759_JaffaCakes118
Size

21KB
MD5

3be46de148c45277ddc270b0be4f2759
SHA1

4dfef9b1e95e7ec9c792aaf81bda3cc64277bd56
SHA256

6ba6e886fd18601889eefc1ae51503fe67cf82b214612065fe396f7ea69ea87b
SHA512

368be7824b7b5d3b9213a17b08e149aafb5e997113611c13e165aff63fcfcb43cb8c4e9e9a5d4976ffe372aaa67d84ef4e745afe4487a432b713ef9d157af80b
SSDEEP

384:UzjrDftKSApk8cbAulmnETRq5DmopqUJx6rN80p5:U3fIPkvboqopqi6r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3be46de148c45277ddc270b0be4f2759_JaffaCakes118

Files

3be46de148c45277ddc270b0be4f2759_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cc460bad50aa9a0e9ab9889f76a4a114

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
ReadProcessMemory
VirtualQueryEx
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileA
GetModuleFileNameA
SetFilePointer
GetProcAddress
HeapAlloc
GetProcessHeap
OutputDebugStringA
CloseHandle
GetModuleHandleA
GetTempPathA
DeleteFileA
LoadLibraryA
WritePrivateProfileStringA
GetCurrentProcessId
OpenProcess
TerminateProcess
GetWindowsDirectoryA
GetCurrentProcess
GetPrivateProfileStringA
GetPrivateProfileIntA
Sleep

user32

GetDC
GetWindowRect
wsprintfA
GetWindow
GetClassNameW

wininet

InternetCloseHandle

msvcrt

printf
_strcmpi
strcat
memset
sprintf
strlen
strcpy
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
ftell
fseek
fopen
mbstowcs
_stricmp
rand
srand
time
wcslen
strstr
wcsncat
wcscpy
wcsstr
strncpy
strrchr
exit
free
_strupr
malloc
strchr
memcpy
_except_handler3
_local_unwind2
strcmp
_vsnprintf

gdiplus

GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc460bad50aa9a0e9ab9889f76a4a114

Headers

File Characteristics

Imports

kernel32

user32

wininet

msvcrt

gdiplus

gdi32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB