556ff57e8102229f9469e91e0939db22_JaffaCakes118

General

Target

556ff57e8102229f9469e91e0939db22_JaffaCakes118
Size

240KB
MD5

556ff57e8102229f9469e91e0939db22
SHA1

0bc5ed6a4443b3923ccd49f49dff8976b4cb0022
SHA256

47f27dc767f6714b7c1660bdb09f8fe5b7a68732e42b42409b94c03b31db19e4
SHA512

709cc9609e6a7190ed3ffd51e33230d2658526e0c31304498581538d91749b47675b0321fa34caacc93de2cdd756f4f5ae280c4d4624b9412f4f798bb484e448
SSDEEP

1536:V6CwwcUd7B4dzbA6hbouW0GNGKA0y7DpxOL70z1w802a1BFZZ7aywy:V6CwwcUd7B4986rGNGKAnjOG1C7Jz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
556ff57e8102229f9469e91e0939db22_JaffaCakes118

Files

556ff57e8102229f9469e91e0939db22_JaffaCakes118
.dll windows:4 windows x86 arch:x86

61b71618d0ee1dbb881044f42b9b7085

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetLocaleInfoW
RaiseException
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
GetLocaleInfoA
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSection
LoadLibraryA
GetModuleFileNameA
WriteFile
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapSize
Sleep
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
GetProcessHeap
GetVersionExA
GetCommandLineA
GetCurrentThreadId
ExitProcess
GetModuleHandleA
GetProcAddress
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree

msvcrt

free
toupper
strlen
malloc
isalpha

shlwapi

PathIsURLA
PathStripPathW
PathParseIconLocationA

Exports

Exports

tIWByiEGT

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61b71618d0ee1dbb881044f42b9b7085

Headers

File Characteristics

Imports

kernel32

msvcrt

shlwapi

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.data Size: 104KB - Virtual size: 422KB

.rsrc Size: 112KB - Virtual size: 108KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 13KB

.data
Size: 104KB - Virtual size: 422KB

.rsrc
Size: 112KB - Virtual size: 108KB

.reloc
Size: 4KB - Virtual size: 1KB