0dc54badfd3fbf07e553a24d6c9d3809_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0dc54badfd3fbf07e553a24d6c9d3809_JaffaCakes118
Size

29KB
MD5

0dc54badfd3fbf07e553a24d6c9d3809
SHA1

a2ecaa0cc28a803f2843f286c8301db06ee0b079
SHA256

74604f8bf77a1f29e4f39bcb12c3438397bebddf36203d1e710a690dfea80797
SHA512

006b887bdfa2faf2a477f7250e7e9ad021b71f74d56c978769ba167fac29f6f24838ed5a677789167c209148048e7a4412902b6ecd35d165211e338054eb6178
SSDEEP

384:yKDKc2U+/5DkCGhLroi/TZDSgUW3dHYT4L33BJEs82IdvGIuI7Vrj7B:7WOCDJi/tDSwC4L3TtM4Ihx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dc54badfd3fbf07e553a24d6c9d3809_JaffaCakes118

Files

0dc54badfd3fbf07e553a24d6c9d3809_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9c0b4a4497a7c3d09ac6bef3aca9abe1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WritePrivateProfileStringA
CreateThread
SetEvent
WriteFile
TerminateThread
IsBadReadPtr
VirtualFree
GetPrivateProfileStringA
GetCommandLineA
CreateMutexA
GetCurrentProcessId
GetTickCount
VirtualFreeEx
lstrlenA
VirtualAllocEx
GetCurrentProcess
GetModuleFileNameA
ReadProcessMemory
VirtualAlloc
SetThreadContext
OpenThread
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
CreateProcessA
ExitProcess
GetCurrentThreadId
DisableThreadLibraryCalls
VirtualProtectEx
CreateEventA
GetLastError
WaitForSingleObject
ResetEvent
CreateFileA
ReadFile
CloseHandle
Sleep
DeleteFileA
GetTempPathA
lstrcatA
GetModuleHandleA
LoadLibraryA
SetUnhandledExceptionFilter
GetProcAddress

user32

GetWindowThreadProcessId
CallNextHookEx
GetWindowTextA
SetWindowsHookExA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

msvcrt

_strcmpi
_strlwr
_stricmp
sprintf
strcat
strlen
strcpy
strstr
memset
??2@YAPAXI@Z
memcpy
strrchr
rand
srand
??3@YAXPAX@Z
strncpy
strchr
strcmp
__CxxFrameHandler

Exports

Exports

HookProc
lll
mmm

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c0b4a4497a7c3d09ac6bef3aca9abe1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 15KB

sdata Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 15KB

sdata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB