JaffaCakes118_461ace3e03494f901d98088f2c42a50bcb9158b7827a94839a0f092376522b3e

General

Target

JaffaCakes118_461ace3e03494f901d98088f2c42a50bcb9158b7827a94839a0f092376522b3e
Size

120KB
MD5

a519c97fa1de038732656b3f026af938
SHA1

2a28e3dae4709f144e54a8d62794eb8c8479c79d
SHA256

461ace3e03494f901d98088f2c42a50bcb9158b7827a94839a0f092376522b3e
SHA512

376db4b7453fc6329973aaa46501900794fcc5a6b61fdeb4843d5ead18b3415b3e37e364bd2ee13cff891c64782972c19f948fad9def6a0af3db0146d3ce6275
SSDEEP

1536:ppyrIIiGiEfaOKSYQJcY1rFY/SKf52geqbbtXIAtRubSKEo0z0QY/2Aufke9D/kq:p+IpkfoShS5BJ3tXIT+G0YQDAwke9rh

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ci9suwhy.php

JaffaCakes118_461ace3e03494f901d98088f2c42a50bcb9158b7827a94839a0f092376522b3e
.zip

Password: infected
Ci9suwhy.php
.dll windows:5 windows x86 arch:x86

e15e308979eba2ea85357b3638718deb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetFontData

msvcrt

memset

oleaut32

VarBstrFromDec

user32

ShowOwnedPopups

advapi32

RegLoadAppKeyA
RegisterEventSourceW

kernel32

GetModuleHandleW
GetModuleFileNameA
LoadLibraryExA

Exports

Exports

CcfZASHbgfDsbf

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ