25733876bbe022bff8337f987d41f019_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25733876bbe022bff8337f987d41f019_JaffaCakes118
Size

36KB
MD5

25733876bbe022bff8337f987d41f019
SHA1

2625af3549de2fb726e14d966a8dc19b1777bbbd
SHA256

8dda00be6889ce02407815c6ad6855a8e051c0744e9febd4ceaf815840db589c
SHA512

614e078d364a530bbe602177714e8888d19c60ca9f91cee15e504bbbdd3c94e14a9d871922c3c546a21e1ba580814930fa8f1456ce7ad9f7d2e6a81cfe1222cf
SSDEEP

384:ewGUxib/ZJwUpTEB8aXdRxhkmlYnjuaygIglnoIo9depGs/:ewGUx+BSUpTEBNRx+lSgloIo9spG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25733876bbe022bff8337f987d41f019_JaffaCakes118

Files

25733876bbe022bff8337f987d41f019_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ca68f28856faf3611003eca54bbc0d9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetCompositionStringA
ImmGetContext
ImmReleaseContext

kernel32

GlobalAddAtomA
GetModuleFileNameA
GetEnvironmentStrings
WideCharToMultiByte
RtlUnwind
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
LCMapStringW
HeapAlloc
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetProcAddress
LoadLibraryA
LCMapStringA

user32

SetWindowsHookExA
GetWindowTextA
PostMessageA
CallNextHookEx
UnhookWindowsHookEx

Exports

Exports

SetAppWindowHandle
StartKeyHook
StartMouseHook
StartMsgHook
StartShellHook
StopKeyHook
StopMouseHook
StopMsgHook
StopShellHook

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca68f28856faf3611003eca54bbc0d9f

Headers

File Characteristics

Imports

imm32

kernel32

user32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.shared Size: 4KB - Virtual size: 24B

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.shared
Size: 4KB - Virtual size: 24B

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 4KB - Virtual size: 1KB