2846a57e478c987b32eb0426eb636c8a_JaffaCakes118

General

Target

2846a57e478c987b32eb0426eb636c8a_JaffaCakes118
Size

22KB
MD5

2846a57e478c987b32eb0426eb636c8a
SHA1

d72092306cc30a60e7cea87482d42d07e32a74bd
SHA256

809dbb662fed5a4a5783fbe015eeca4bca6d4dae045eba96a6d7e0dcbe1fb682
SHA512

ffe35a497238d0dda04bebec71ca4ed888b6a45b36521ed9c1304085f4207da35d8b345090e58a864b0bc9d41f51b0fc759531ae626e10659431f06a6891a712
SSDEEP

192:BmzQkPoWyd0y72qCgPqDQTqpxVr7ulWmGs//qF6Pn5z5AaHSnsOCzCNDu8O4LwNM:BOVi0y7CDQ49eGs/cUVALnswu8rLg9x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2846a57e478c987b32eb0426eb636c8a_JaffaCakes118

Files

2846a57e478c987b32eb0426eb636c8a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

516c47ccdffadc64f0acc2057c35f9cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
DeleteFileA
CreateFileA
WriteFile
OpenEventA
Sleep
GetFileSize
ReadFile
GetModuleFileNameA
TerminateProcess
VirtualProtectEx
GetProcAddress
ReadProcessMemory
GlobalFree
GlobalLock
GlobalAlloc
GetCurrentProcess
OutputDebugStringA
CreateEventA
SetThreadPriority
CreateThread
GetPrivateProfileStringA
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
VirtualFree
WideCharToMultiByte
VirtualAlloc

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
CloseDesktop
wsprintfA
GetInputState
PostThreadMessageA
GetMessageA

gdi32

CancelDC
CloseEnhMetaFile
Chord

advapi32

RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

516c47ccdffadc64f0acc2057c35f9cd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

Sections

.text Size: 19KB - Virtual size: 18KB

sdata Size: 512B - Virtual size: 260B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 18KB

sdata
Size: 512B - Virtual size: 260B

.reloc
Size: 1KB - Virtual size: 1KB