23e1b3fdf2b1ac635cb8d459e7f74331_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23e1b3fdf2b1ac635cb8d459e7f74331_JaffaCakes118
Size

820KB
MD5

23e1b3fdf2b1ac635cb8d459e7f74331
SHA1

7886e0567990b4d93b438ea4f199c9390354b521
SHA256

ce9fdd3f2c4c815dc3df2aec728fe4754821016e9aad412b2d3d771e44fea7d3
SHA512

44804c491c87ce41eda35fad15be101978a5051363b124170f237cf23a64db9d81d3491f0a21a73eb996b33caf342f477f6b2acf596ff6c0ef188ab44eef8fe6
SSDEEP

1536:Fp8xpcX427pjwokGieTwtlT6IegqnXT/mL+acn+5WPN+5tXd3z0UBr/YKoGH:FpWOf0tlTp1GTtnPN+5zjNr/Y4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23e1b3fdf2b1ac635cb8d459e7f74331_JaffaCakes118

Files

23e1b3fdf2b1ac635cb8d459e7f74331_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6e20f0a555bfbc5a1321c57520d8674b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
GetLocaleInfoA
CloseHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GlobalDeleteAtom
GlobalAddAtomA
GetModuleHandleA
GetModuleFileNameA
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
InitializeCriticalSection
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar

user32

RegisterWindowMessageA
EnumWindows
MessageBoxA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetUpdateRgn
GetPropA
SetPropA
GetCursor
GetWindowRect
IsWindowVisible
PostMessageA
GetClientRect
ClientToScreen
RemovePropA

gdi32

GetRegionData
DeleteObject
CreateRectRgn

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

Exports

Exports

SetHook
SetKeyboardFilterHook
SetKeyboardPriorityHook
SetKeyboardPriorityLLHook
SetMouseFilterHook
SetMousePriorityHook
SetMousePriorityLLHook
UnSetHook

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SharedD
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 748KB - Virtual size: 745KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e20f0a555bfbc5a1321c57520d8674b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 11KB

.SharedD Size: 4KB - Virtual size: 68B

.rsrc Size: 748KB - Virtual size: 745KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 11KB

.SharedD
Size: 4KB - Virtual size: 68B

.rsrc
Size: 748KB - Virtual size: 745KB

.reloc
Size: 8KB - Virtual size: 5KB