08be2edf72ae80d2fdda8151ec5cbe66_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08be2edf72ae80d2fdda8151ec5cbe66_JaffaCakes118
Size

124KB
MD5

08be2edf72ae80d2fdda8151ec5cbe66
SHA1

ae78b63a223d73dd5bb54aabab27fdf3c74f6e01
SHA256

718817e35504358d9c3e09635e693ff810fb733c9218e7b0a809807a0e70a949
SHA512

8c5d5a3b305d5985f8c779661137032067420f9c3b7e52d573d78cb59857f0d5be1cb92515336d723bf0156f42697f251d51e99dfc9471e26e850d9466e9b425
SSDEEP

768:J/6yebERn53+b9728qDDNs80SHGb44qqXh65zIPxM:J/63w93Nz0myXA5EG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08be2edf72ae80d2fdda8151ec5cbe66_JaffaCakes118

Files

08be2edf72ae80d2fdda8151ec5cbe66_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3eb1b2ca78728f6f9b182de146eaa76d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
ResumeThread
WriteProcessMemory
VirtualProtectEx
OpenProcess
GetModuleFileNameA
GetProcAddress
ReadProcessMemory
GetCurrentProcess
GlobalLock
GlobalAlloc
GetModuleHandleA
GlobalFree
GlobalUnlock
IsBadReadPtr
CreateThread
GetTickCount
VirtualProtect
TerminateThread
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
TerminateProcess
GetCurrentProcessId
LoadLibraryA
SetThreadContext
OpenThread
SetUnhandledExceptionFilter
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetSystemDirectoryA
VirtualAlloc
WritePrivateProfileStringA
GetLastError
CreateMutexA
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
DeleteFileA
CreateProcessA
GetCurrentThreadId
DisableThreadLibraryCalls
Sleep
GetPrivateProfileIntA
EnterCriticalSection
GetPrivateProfileStringA

user32

FindWindowA
GetKeyState
GetClassNameA
GetDesktopWindow
SendMessageA
GetWindowTextA
GetWindowThreadProcessId
GetMessageA
CallNextHookEx
SetWindowsHookExA
GetForegroundWindow
TranslateMessage
DispatchMessageA
FindWindowExA
UnhookWindowsHookEx
GetWindow

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

shlwapi

PathFileExistsA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

imagehlp

ImageLoad
ImageUnload

msvcrt

_strlwr
_adjust_fdiv
malloc
_initterm
free
strrchr
fread
??2@YAPAXI@Z
strstr
wcslen
strcmp
strcpy
strcat
_stricmp
strncpy
srand
rand
strlen
memcpy
memset
sprintf
fopen
fclose

Exports

Exports

Init

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdt
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3eb1b2ca78728f6f9b182de146eaa76d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

imagehlp

msvcrt

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.sdt Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.sdt
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB