44d1391bdbcbf59c60017cc484d3adbb_JaffaCakes118

General

Target

44d1391bdbcbf59c60017cc484d3adbb_JaffaCakes118
Size

183KB
MD5

44d1391bdbcbf59c60017cc484d3adbb
SHA1

cf495dfca89263ec39598be3c1a58bbc7ae40461
SHA256

6d9799bc0c3185abf593fda7ab318151db89d6989f8e653d78e3230f5a390da0
SHA512

18c458086dd3e5c368ed850c03b7a059075b42d2c7ad105b817145212eaea16bf28f1e3d2ea48b89961b748bcb5e254b225b82fb690b21d8dc7d22c7de4da41a
SSDEEP

3072:H6QSOlDmW9gMD/cUvyQP9HXTCB4ZgF95TN+/ARVu1Bw2j+Al6CJufjZLN0KGd0uP:nxlDCeBBDCB4Z254Uu1BwmTljJWv0J0d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44d1391bdbcbf59c60017cc484d3adbb_JaffaCakes118

Files

44d1391bdbcbf59c60017cc484d3adbb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

36f9b57ddc3350a0350b1d18345163a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
ExpandEnvironmentStringsA
FatalAppExitA
GetACP
GetCommandLineA
GetConsoleOutputCP
GetCurrentThread
GetEnvironmentVariableA
GetExitCodeThread
GetModuleHandleA
GetOEMCP
GetStartupInfoA
HeapAlloc
HeapCreate
HeapReAlloc
HeapSize
MulDiv
MultiByteToWideChar
ResumeThread
RtlUnwind
SetEvent
SetLastError
SetUnhandledExceptionFilter
lstrcatA

user32

FillRect
BeginPaint
TrackPopupMenu
GetSystemMetrics

winmm

joySetThreshold
joyReleaseCapture
joyGetDevCapsW
timeEndPeriod

ole32

CreateAntiMoniker
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2

advapi32

AddAccessDeniedAceEx
LsaCreateTrustedDomain
GetTrusteeFormA
GetNamedSecurityInfoA
ReadEventLogA
ElfOpenEventLogW
CryptGetUserKey
CryptGetProvParam
AccessCheckByTypeAndAuditAlarmA
LsaNtStatusToWinError

shlwapi

StrStrW
StrStrA
PathStripPathA

Exports

Exports

AudioGUIConfigureItem
GraphicsGLRegisterBuffer
ReadDevParamFromRAW

Sections

.text
Size: 120KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36f9b57ddc3350a0350b1d18345163a1

Headers

File Characteristics

Imports

kernel32

user32

winmm

ole32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 216KB

.data Size: 60KB - Virtual size: 60KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 120KB - Virtual size: 216KB

.data
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 4KB