14e9dc40915c90798c619101e874b166_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14e9dc40915c90798c619101e874b166_JaffaCakes118
Size

40KB
MD5

14e9dc40915c90798c619101e874b166
SHA1

2f2af927dd03f268e25ac76910ab5a60aa2dec98
SHA256

2337d12d5e03f00025bd5f14a7685695fdad96749a0168fe7bc1dfd6eabf6bba
SHA512

bb23b193fe8966680fc4debb6b381399c9e038fff381f923d7b68348bf128cd04f705d14a47fee048bddf7ddff38bfe5db0eedac4858dd156e153a352641fb93
SSDEEP

384:EUJFeJaFh3FDLjScP4/icDscp35cR11PEWt6Gg/NrdvGIuII9svFdAf3rN8t8I:tTEKDDk/icDD3Opjt6FF4Im9iKE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14e9dc40915c90798c619101e874b166_JaffaCakes118

Files

14e9dc40915c90798c619101e874b166_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6291ec654cb18bf4d23ebb25abfc563a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WritePrivateProfileStringA
CreateThread
SetEvent
WriteFile
TerminateThread
IsBadReadPtr
VirtualFree
GetPrivateProfileStringA
GetCommandLineA
CreateMutexA
GetCurrentProcessId
GetTickCount
VirtualFreeEx
lstrlenA
VirtualAllocEx
GetCurrentProcess
GetModuleFileNameA
VirtualAlloc
SetUnhandledExceptionFilter
SetThreadContext
OpenThread
WideCharToMultiByte
MultiByteToWideChar
TerminateProcess
CreateProcessA
ExitProcess
GetCurrentThreadId
DisableThreadLibraryCalls
VirtualProtectEx
CreateEventA
GetLastError
WaitForSingleObject
ResetEvent
CreateFileA
ReadFile
CloseHandle
Sleep
DeleteFileA
GetTempPathA
lstrcatA
GetModuleHandleA
LoadLibraryA
ReadProcessMemory
GetProcAddress

user32

GetWindowThreadProcessId
CallNextHookEx
GetWindowTextA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

msvcrt

??3@YAXPAX@Z
_strcmpi
_strlwr
_stricmp
sprintf
strcat
strlen
strcpy
strstr
memset
??2@YAPAXI@Z
memcpy
strrchr
rand
srand
strncpy
strchr
strcmp
__CxxFrameHandler

Exports

Exports

gcged
nwqrew
rewtwtw

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6291ec654cb18bf4d23ebb25abfc563a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 15KB

sdata Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 15KB

sdata
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB