1c7afc8b9c158c2e39656210f40f7771_JaffaCakes118

General

Target

1c7afc8b9c158c2e39656210f40f7771_JaffaCakes118
Size

32KB
MD5

1c7afc8b9c158c2e39656210f40f7771
SHA1

246620d491d76705a684e177794bbbbd7643743c
SHA256

e60a896be9fed333d1a74cb6cbd84e77b821d9b91d32aaf6baeb483f2e6ec378
SHA512

79783b83f7c2444acebe8f5f6510fd586b8cb8371837c2a5b10554b70f17c9d7b8afa72e71c7d1d56120eebd4407a963069f75d7ac97bf587b3e480b77b73699
SSDEEP

192:HB5bAhPPnzYyHNAO6Zo8XBfrzUKd2rmc0THfgnbtsfVe4Xx/9rKjhwuNlq5ck/ih:hBAhPPnaO2jfh2h0TcifVe4+Lv4capu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c7afc8b9c158c2e39656210f40f7771_JaffaCakes118

Files

1c7afc8b9c158c2e39656210f40f7771_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ba1eb1732e729e9d416091498151a851

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord535
ord6663
ord539
ord940
ord939
ord941
ord1158
ord540
ord2818
ord4278
ord858
ord860
ord2764
ord537
ord800

msvcrt

_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_onexit
__dllonexit
_except_handler3
strstr
__CxxFrameHandler

kernel32

SetFilePointer
OpenProcess
CreateThread
CloseHandle
GetModuleFileNameA
Sleep
ReadProcessMemory
ReadFile
GetFileSize
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcessId

user32

TranslateMessage
GetMessageA
SetWindowsHookExA
CallNextHookEx
IsWindowVisible
SendMessageA
DispatchMessageA
FindWindowExA
SendMessageTimeoutA
RegisterWindowMessageA
GetForegroundWindow
UnhookWindowsHookEx
GetClassNameA

ws2_32

send
connect
htons
socket
gethostbyname
WSAStartup
recv
closesocket

ole32

CoUninitialize
CoInitialize

oleaut32

VariantClear

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba1eb1732e729e9d416091498151a851

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

ws2_32

ole32

oleaut32

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 196KB

.SHARDAT Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 196KB

.SHARDAT
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 1KB