eaea73a2f5c869064a5b5bd7147479ee_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eaea73a2f5c869064a5b5bd7147479ee_JaffaCakes118
Size

116KB
MD5

eaea73a2f5c869064a5b5bd7147479ee
SHA1

5a808fe5de957723ac4e18290ff8ca8dbd44494e
SHA256

7864d9bcea983fea31b476434e8890a633f0f54cec23ab2c1e611a51b7b29b07
SHA512

34355ec9958d8e78bb69cbab24c3c0fb76d6e32bf7807136b41850d9e37e3971cfc269a518907a8b6450c2834945ee20bf2eee8e724e050eef8cb2c54bec06b1
SSDEEP

1536:5pShwQihyo+fwfR4+qbLzse9WQyhH37/v2CYfOqOLnK/GTSDk4sKzBVCSJlhjExx:5pxGfqRsfsekHKB+HjWCSJlqT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eaea73a2f5c869064a5b5bd7147479ee_JaffaCakes118

Files

eaea73a2f5c869064a5b5bd7147479ee_JaffaCakes118
.dll windows:4 windows x86 arch:x86

51679b4060d13cb1edc05e32f960c666

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MoveFileA
SetFileTime
GetFileTime
GetFileAttributesA
SetFileAttributesA
CopyFileA
OutputDebugStringA
WriteFile
GetEnvironmentVariableA
ReadFile
SetFilePointer
GetLocalTime
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTempPathA
GetSystemDirectoryA
DeleteFileA
GetVolumeInformationA
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
WinExec
CreateProcessA
GetSystemTime
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
LockResource
SizeofResource
LoadResource
FreeLibrary
FindResourceA
LoadLibraryA
GetProcAddress
TerminateThread
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
CreateDirectoryA
FileTimeToLocalFileTime
ExitProcess
GetStartupInfoA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
LCMapStringW
LCMapStringA
GetOEMCP
GetCPInfo
FlushFileBuffers
SetStdHandle
FileTimeToSystemTime
GetComputerNameA
GetVersionExA
GetLogicalDrives
GetDriveTypeA
GetDiskFreeSpaceExA
CloseHandle
GetACP
FindFirstFileA
FindNextFileA
FindClose
EnterCriticalSection
GetFileSize
LeaveCriticalSection
CreateFileA
CreateMutexA
GetLastError
GetVersion
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetFileType
GetStdHandle
SetHandleCount
GetFullPathNameA
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
Sleep
InitializeCriticalSection
GetWindowsDirectoryA
CreateThread
GetTimeZoneInformation
RtlUnwind
HeapAlloc
HeapFree
GetCommandLineA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue

user32

EnumChildWindows
wsprintfA
PostMessageA
SendMessageA
GetWindowLongA
GetClassNameA
GetParent
GetWindowTextA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
ToAscii
GetKeyboardState
GetKeyboardLayout
GetForegroundWindow

advapi32

RegCloseKey
ChangeServiceConfigA
CloseServiceHandle
OpenServiceA
LockServiceDatabase
RegQueryInfoKeyA
RegSetValueExA
DeleteService
ControlService
RegSetValueA
RegDeleteValueA
RegEnumKeyExA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
UnlockServiceDatabase

shell32

ShellExecuteA

shlwapi

StrTrimA
SHDeleteKeyA

ws2_32

recv
getsockname
select
WSACleanup
inet_ntoa
ntohl
gethostbyname
socket
htons
htonl
closesocket
shutdown
connect
inet_addr
WSAStartup
send

netapi32

Netbios

imm32

ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext
ImmGetDescriptionA

Exports

Exports

MainFunction
UnHook
installhook

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PWDDATA
Size: 4KB - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51679b4060d13cb1edc05e32f960c666

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

ws2_32

netapi32

imm32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 15KB

shared Size: 4KB - Virtual size: 254B

PWDDATA Size: 4KB - Virtual size: 404B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 15KB

shared
Size: 4KB - Virtual size: 254B

PWDDATA
Size: 4KB - Virtual size: 404B

.reloc
Size: 8KB - Virtual size: 6KB