07274665dd680d5b239fbf41abfdc0db_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

07274665dd680d5b239fbf41abfdc0db_JaffaCakes118
Size

10KB
MD5

07274665dd680d5b239fbf41abfdc0db
SHA1

9242bac6b850868d9cf39dd4d4896cea9713f4fa
SHA256

921f69300a1f044bda5405d71e8b9c1174bbb590d58a7b100e65d1f20b615cc5
SHA512

b587cb91c34de0addc5b428b61ffb52aebab989240d4ea89ae0ca65d0a3ffe07aea29a821aabeea72bcdc9874c6fcf82fef0de92f081e3a6b360917f6b678dc2
SSDEEP

192:IbsJ9d0BiNGXs3dzszxn3MQwQlyqo1VY15myOzaH9n4eP7E/:IbW45n3fDTD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07274665dd680d5b239fbf41abfdc0db_JaffaCakes118

Files

07274665dd680d5b239fbf41abfdc0db_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a6138640c1f65032c6b6b742ca9356dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemDirectoryA
GetTempPathA
Sleep
MultiByteToWideChar

user32

SetWindowsHookExA
FindWindowA
RegisterWindowMessageA
UnhookWindowsHookEx
CallNextHookEx
GetWindowThreadProcessId
SendMessageA

advapi32

RegEnumKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

msvcp60

??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

msvcrt

_adjust_fdiv
_initterm
free
??2@YAPAXI@Z
strstr
strlen
malloc
__CxxFrameHandler

Exports

Exports

endhook
installHook
setReg
setflag

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hookdata
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6138640c1f65032c6b6b742ca9356dc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1024B - Virtual size: 1KB

hookdata Size: 512B - Virtual size: 12B

.reloc Size: 1024B - Virtual size: 608B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 1KB

hookdata
Size: 512B - Virtual size: 12B

.reloc
Size: 1024B - Virtual size: 608B