f851302e105721d42276d84621dab014_JaffaCakes118

General

Target

f851302e105721d42276d84621dab014_JaffaCakes118
Size

26KB
MD5

f851302e105721d42276d84621dab014
SHA1

5fa195de9f61a9466aa8ce1c5d2c31bf6d3863e3
SHA256

7a6a2201ade9654f101968f7757ee1919c72d0d8863673a47dbb854338143b5b
SHA512

6296b04b07adc87b2064e22b225dfd7d472409014e824e40dc204e6e01488760d5639778a7b6ea97c63006e5a942608d7677572975ed73d1ae4145333e2d6535
SSDEEP

768:hiygPYqEdD3gTlU4Rbw9YZf+a//xhkDv6o4Ahlsq6pO7YfY:hiyg/hM6uv6c6pmYfY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f851302e105721d42276d84621dab014_JaffaCakes118

Files

f851302e105721d42276d84621dab014_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d8a0b2e9a78c1ecf76570765c15f008b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileStringA
GetModuleHandleA
CreateMutexA
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetTickCount
VirtualProtectEx
InitializeCriticalSection
ExitProcess
GetCurrentThread
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcess
GetCommandLineA
Thread32Next
SetThreadContext
OpenThread
Thread32First
CreateToolhelp32Snapshot
WriteFile
VirtualProtect
WideCharToMultiByte
ReadProcessMemory
WriteProcessMemory
IsBadReadPtr
TerminateThread
CreateThread
GetLastError
CreateFileA
ReadFile
CloseHandle
Sleep
DeleteFileA
SetUnhandledExceptionFilter

user32

FindWindowA
CallNextHookEx
GetWindowThreadProcessId
UnhookWindowsHookEx
SetWindowsHookExA
GetForegroundWindow
GetWindowTextA

wininet

InternetCloseHandle
InternetReadFile

msvcrt

free
_initterm
malloc
_adjust_fdiv
_strupr
_stricmp
_strlwr
fopen
fread
fclose
strcat
??2@YAPAXI@Z
memcpy
strrchr
memset
strlen
atoi
sprintf
strcpy
rand
srand
strncpy
strcmp
wcslen
strstr

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8a0b2e9a78c1ecf76570765c15f008b

Headers

File Characteristics

Imports

kernel32

user32

wininet

msvcrt

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 3KB

sdt Size: 512B - Virtual size: 4B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 3KB

sdt
Size: 512B - Virtual size: 4B

.reloc
Size: 2KB - Virtual size: 2KB