f7fb5d48071eaf09e7113610848cd92d_JaffaCakes118

General

Target

f7fb5d48071eaf09e7113610848cd92d_JaffaCakes118
Size

28KB
MD5

f7fb5d48071eaf09e7113610848cd92d
SHA1

43e64579c8347b39189a50d32320c8214cb17d34
SHA256

dc9703a66c5ad79d5b33ed591e158cea367fbd97f1366f6fa962fb9f9b8e2ef8
SHA512

ef9c0ae107c40145f2f47b9b21ba767778cb214059980d504e536e288faaf478abaad5d3bcaa6731e781d1ce161f52616d9f28e5f7be9e826715e6d9aa8837a4
SSDEEP

384:fvPGZbkcNYzRwsakrWiJMwjDnB/l99uGHmm:f3wj2zRwkrWiJfNlCm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7fb5d48071eaf09e7113610848cd92d_JaffaCakes118

Files

f7fb5d48071eaf09e7113610848cd92d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0bc88c302d120178a4ec165ba747758d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter
WriteProcessMemory
GetCurrentProcess
VirtualProtect
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
DeviceIoControl
OutputDebugStringA
lstrcmpA
GetSystemDirectoryA
GetModuleFileNameA
GetVersion
_lclose
_lopen
GetTickCount
ResumeThread
SuspendThread
GetVersionExA
LoadLibraryA
VirtualQuery
DeleteCriticalSection
GetFileSize
InitializeCriticalSection
GetModuleHandleA
GetProcAddress
SetLastError
CloseHandle
CreateFileA
GetLastError

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
DefWindowProcW
DefWindowProcA
EndDialog
KillTimer
PostMessageA
FindWindowExA
SetWindowTextA
GetDlgItem
MoveWindow
GetClassNameA
GetWindowLongA
IsDlgButtonChecked
SendMessageA
GetWindow
SetTimer
IsWindow
IsWindowUnicode
SetWindowLongW
SetWindowLongA
CallWindowProcW
CallWindowProcA
MessageBoxA
GetDlgCtrlID

advapi32

OpenServiceA
CloseServiceHandle
OpenSCManagerA
ControlService
StartServiceA
CreateServiceA
DeleteService

shlwapi

SHGetValueA

msvcrt

memcmp
strlen
_stricmp
__CxxFrameHandler
_snprintf
sprintf
atoi
??2@YAPAXI@Z
??3@YAXPAX@Z
free
malloc
memmove
memset
memcpy
strcpy
strcat
strstr
_strlwr
_initterm
_adjust_fdiv
memchr

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bc88c302d120178a4ec165ba747758d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 19KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 19KB

.reloc
Size: 4KB - Virtual size: 2KB