ebe973b64e5398bcab14d9afa1d9d085_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ebe973b64e5398bcab14d9afa1d9d085_JaffaCakes118
Size

1.4MB
MD5

ebe973b64e5398bcab14d9afa1d9d085
SHA1

b61c9a38aff1b7641e60adbb92091d428e6eb356
SHA256

2281f408a1c8c0ee266cb30c2068e62a9cb901672427a6abc0d6d0b200826eb9
SHA512

5790f96a3015923a91f573889464690958f21b01c68e008c821fd37cf4cf7398efebffc83352d49a437ff858734e0ff232bcc8e7a6fff91dddf1a1ee2bfb07bc
SSDEEP

24576:pE68X6rFbP4mPPx1Uo985pZbKm/r8FQcSciuYLUlXXn9yQIRHjpD4Z:6KrZQKUoShtmScYkdvEDG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebe973b64e5398bcab14d9afa1d9d085_JaffaCakes118

Files

ebe973b64e5398bcab14d9afa1d9d085_JaffaCakes118
.dll windows:5 windows x86 arch:x86

48b78ce7524a44841a5ac355932cc0b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
GetLastError
CreateDirectoryW
TerminateProcess
SetEvent
SetFileAttributesW
LoadLibraryA
CreateDirectoryA
CreateProcessA
GetModuleHandleA
CreateEventA
CloseHandle
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetTickCount
GetTempPathA
GetProcAddress
CreateFileW
VirtualAlloc
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetLocaleInfoW
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetSystemTimeAsFileTime
HeapAlloc
RaiseException
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
RtlUnwind
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode

user32

SetWindowsHookExA
MsgWaitForMultipleObjectsEx
UnhookWindowsHookEx
CallNextHookEx
PeekMessageA
TranslateMessage
DispatchMessageA

Exports

Exports

start
stop

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48b78ce7524a44841a5ac355932cc0b7

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 113KB - Virtual size: 112KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 11KB - Virtual size: 11KB