1579f73aff8e8d3981df8c650fdaf053_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1579f73aff8e8d3981df8c650fdaf053_JaffaCakes118
Size

2.5MB
MD5

1579f73aff8e8d3981df8c650fdaf053
SHA1

dde5843920837aa64ec196ddbc9619d1f9317917
SHA256

b20f971e90e2783dc8456d57c92bcdfd02760364ced82363698dbbd0c6243ecf
SHA512

4372e0df0819ecb1bcd77c81b1f79b6933ba16a0f886bf7d80bd50d609b5c6b6207ee0fec665d782f93be854d38d5c94f238b5ec4d93dfe14475d292854c5be6
SSDEEP

49152:IW/WMQu2XG8ZoI9Z9rqyI44HppuzGxHHY4L2q5HkL+eUYWHsiJNXvkUc:IUkWGoqZ92yVG/uzGNV9HkAVHL/Dc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1579f73aff8e8d3981df8c650fdaf053_JaffaCakes118

Files

1579f73aff8e8d3981df8c650fdaf053_JaffaCakes118
.dll windows:4 windows x86 arch:x86

00bb19addf788dee0904b277db0cae2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
CloseHandle
SetEvent
TerminateProcess
GetCurrentProcess
ExitProcess
GetFileSize
CreateFileA
GetProcAddress
GetModuleHandleA
IsBadReadPtr
WaitForSingleObject
GetCommandLineA
ReadFile
lstrcatA
SetFilePointer
VirtualProtect
GetProcessHeap
VirtualProtectEx
HeapAlloc
OpenEventA
LoadLibraryW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
Sleep
CreateThread
CreateEventA

user32

SetWindowsHookExA
CallNextHookEx
SendMessageA
wvsprintfA
FindWindowA
BroadcastSystemMessageA

msvcrt

malloc
_itoa
_strcmpi
_adjust_fdiv
_initterm
free
sprintf
wcscmp
wcslen
swprintf
strncpy
strstr
??2@YAPAXI@Z
_except_handler3
strrchr
realloc
_strlwr

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vmp0
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.upx0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00bb19addf788dee0904b277db0cae2f

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

vmp0 Size: 512B - Virtual size: 1B

.rsrc Size: 512B - Virtual size: 16B

.upx0 Size: 2KB - Virtual size: 1KB

.upx1 Size: 31KB - Virtual size: 30KB

.reloc Size: 1024B - Virtual size: 904B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

vmp0
Size: 512B - Virtual size: 1B

.rsrc
Size: 512B - Virtual size: 16B

.upx0
Size: 2KB - Virtual size: 1KB

.upx1
Size: 31KB - Virtual size: 30KB

.reloc
Size: 1024B - Virtual size: 904B