1b4dee88c74e0f27bf957334902e6c79_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b4dee88c74e0f27bf957334902e6c79_JaffaCakes118
Size

27KB
MD5

1b4dee88c74e0f27bf957334902e6c79
SHA1

9d590889ef06a7f5c0540ec8df0db3ef1852089e
SHA256

9b6ec3fea631a496534ec002bdafd0feedf4f4c2c37277e1b227c3f5b1349f2c
SHA512

36b3aae2ccf465c6ec899b8b36e2f83eebb6c3d71fb73f33f3c56ee58837a03066ba5a67665c9fd2a9cfbde6fa16c3324a09928409ad394b1eaae9f050bd31f8
SSDEEP

384:DFQOmS0cwQDm16s18ucxWMzuSk2NRZcobihvbGY0WYzF2b0oYYvlyrwY063BHBYm:DVhagaMqSkscEi8aYZ60oZvlBJACUP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b4dee88c74e0f27bf957334902e6c79_JaffaCakes118

Files

1b4dee88c74e0f27bf957334902e6c79_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9ce3c8b79850b5704879e35c025a17bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
CloseHandle
GetFileAttributesW
ReadProcessMemory
VirtualQueryEx
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileA
Thread32Next
TerminateThread
Thread32First
CreateToolhelp32Snapshot
SetFilePointer
HeapAlloc
GetProcessHeap
DeleteFileA
GetLastError
FindClose
FindFirstFileA
GetPrivateProfileStringA
OpenProcess
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
Sleep
GetModuleHandleA
GetProcAddress
CreateThread
FreeLibrary
GetModuleFileNameA
GetWindowsDirectoryA
LoadLibraryA

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetClassNameW
wsprintfA
GetForegroundWindow
GetWindowThreadProcessId
GetWindowTextA
GetWindow
GetWindowRect
GetDC

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

msvcrt

_strcmpi
_strupr
free
strcpy
memset
malloc
sprintf
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
fclose
ftell
fseek
fopen
mbstowcs
strstr
rand
srand
time
wcslen
wcsncat
wcscpy
wcsstr
strncpy
exit
memcpy
_except_handler3
strrchr
strlen
_local_unwind2
tolower
_vsnprintf

wininet

InternetCloseHandle

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

Exports

Exports

Install
Uninstall

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ce3c8b79850b5704879e35c025a17bf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

wininet

gdi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 2KB

shared Size: 512B - Virtual size: 4B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 2KB

shared
Size: 512B - Virtual size: 4B

.reloc
Size: 2KB - Virtual size: 1KB