4df1fed76cd64f0ff03a330e1b45e0b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4df1fed76cd64f0ff03a330e1b45e0b9_JaffaCakes118
Size

93KB
MD5

4df1fed76cd64f0ff03a330e1b45e0b9
SHA1

a0eb50dee8ac6012689a91aba0d99ace1bf60678
SHA256

316d7932437fa03995aa6ca47ea995efc8d1e3433c24ed28321073330f3774ef
SHA512

c123cb8cdac6e917698f1791a24cc1b927e9d964989477c73de595ea2ccc29062e4902aa70a50ae92ab1fd0a8d067a2d1fac82d512524cc83fb481739d4229e3
SSDEEP

1536:srlYmoM7reJj7sl26XxbRGoh7xiPaM2ii2ahCAwLWxOm934og8c/7l7qE:sxYmPPofspGYcnaCWPg8ch9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4df1fed76cd64f0ff03a330e1b45e0b9_JaffaCakes118

Files

4df1fed76cd64f0ff03a330e1b45e0b9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b12eca6c163e29cf5b7ee98ee26fe44b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetProfileStringA
GetProfileIntA
lstrlenA
FindClose
FindNextFileA
FindFirstFileA
lstrcatA
GetWindowsDirectoryA
GetFileTime
SetFileTime
CreateFileA
DeleteFileA
GetModuleHandleA
GetPrivateProfileStringA
GetSystemDirectoryA
HeapSize
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetProcAddress
CloseHandle
LocalAlloc
CopyFileA
LocalFree
GetLastError
MoveFileA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetCurrentProcessId
Sleep
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetFileAttributesA
RtlUnwind
WideCharToMultiByte
ExitProcess
GetTimeZoneInformation
MultiByteToWideChar
ReadFile
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
WriteFile
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

CallNextHookEx
GetForegroundWindow
GetWindowThreadProcessId
GetParent
GetWindowTextA
EnumChildWindows
GetKeyNameTextA
GetWindowLongA
FindWindowA
GetClassNameA
UnhookWindowsHookEx
SetWindowsHookExA
wsprintfA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA

Exports

Exports

GetCurrentKeyboardCount
_InstallFilter@8
_JournalProc@12
_RemoveFilter@0

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b12eca6c163e29cf5b7ee98ee26fe44b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 5KB - Virtual size: 12KB

.shared Size: 1024B - Virtual size: 528B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 12KB

.shared
Size: 1024B - Virtual size: 528B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 5KB - Virtual size: 5KB