3fd51c3c033fe84ce09d94d15197e94a_JaffaCakes118

General

Target

3fd51c3c033fe84ce09d94d15197e94a_JaffaCakes118
Size

47KB
MD5

3fd51c3c033fe84ce09d94d15197e94a
SHA1

3821b5c292afe0841c64dc6da8f0021248aab7a6
SHA256

c0ca7c9887483b3699abf597d433ca91b3c8c836b929fc5d7c0c78f0d6db81ec
SHA512

d813a757de89d1e4fb10442e2dae2e622c30233b3e622dfa4343f178c3718d3aa66dd17564379a14b564fbaacfc692589005cd4e7582de33454cd67f3ff97ebc
SSDEEP

768:HkD3+a/n2t0djhSE+Rxn6a2mhzrR/jqwMZa/Pn2V9TINhmuvmwjZinEH+1:EjBnvdjhSE+R16a28nR/jNXMshrbgCs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fd51c3c033fe84ce09d94d15197e94a_JaffaCakes118

Files

3fd51c3c033fe84ce09d94d15197e94a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6316975c6c9b039bb0a861f1c00adb3a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetThreadExecutionState
lstrlenA
CopyFileA
SetNamedPipeHandleState
WaitForSingleObject
CreateIoCompletionPort
OpenThread
GetEnvironmentStringsA
ConnectNamedPipe
DecodePointer
GetFileTime
SetThreadLocale
HeapAlloc
WaitForMultipleObjects
PostQueuedCompletionStatus
GetThreadPriorityBoost
ReadFile
ExitThread
HeapCreate
GetVersion
FreeEnvironmentStringsA
SetFilePointer
MapViewOfFile
RegisterWaitForSingleObject
CreateFileMappingA
UnmapViewOfFile
HeapSetInformation
HeapFree
InterlockedExchange
SetThreadContext
CreateThread
WriteFile
VirtualQuery
CreateFileA
EncodePointer
GetLocalTime
GetQueuedCompletionStatus
GetSystemTimes
GetModuleHandleA
GetCurrentProcessId
HeapDestroy

dswasrvc

SdbQueryApphelpInformation
CtfImmRestoreToolbarWnd
DllInstall
PifMgr_OpenProperties
ImmGetImeMenuItemsA
ImmLockClientImc
ImmIMPGetIMEA
SdbFreeFlagInfo
ImmGetConversionStatus
ExtractIconEx
ImmDestroyIMCC
CtfImmGetGuidAtom
DAD_SetDragImage
SdbResolveDatabase
SdbGrabMatchingInfo
PathGetShortPath
ILFindChild
ImmGetIMCCSize
CtfImmLeaveCoInitCountSkipMode
SdbGetFirstChild
DllCanUnloadNow
PathResolve
SdbGetTagDataSize
ImmRegisterWordA

Exports

Exports

CreateProcessNotify
autosec6

Sections

.text
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6316975c6c9b039bb0a861f1c00adb3a

Headers

File Characteristics

Imports

kernel32

dswasrvc

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 36KB

.rdata Size: 2KB - Virtual size: 4KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 36KB

.rdata
Size: 2KB - Virtual size: 4KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB