28c74663ac5ca8980e705764032dbca0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28c74663ac5ca8980e705764032dbca0_JaffaCakes118
Size

29KB
MD5

28c74663ac5ca8980e705764032dbca0
SHA1

bde167b86c5d389ae55f49e2997d9a0a7a65a4e4
SHA256

eff78822a195a7adfceec2c0cf843934e5a869c10bad0c545364793ac162425e
SHA512

ae1636007cb39a212d1d3e2d0345840df911ea783b0fcd397358df7d93c00a5755d71db3eca5cb4a4d7c864444a963ba7959ed530382ac236e1c124b9f338f94
SSDEEP

768:6A/qwTJychbJqagE0b4kGjPop9M9FRrlc:5fmbhgPoo9F5m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28c74663ac5ca8980e705764032dbca0_JaffaCakes118

Files

28c74663ac5ca8980e705764032dbca0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7836b12a577fa6423ec981a3a452ae7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
SetFilePointer
GetFileSize
CreateFileA
lstrcatA
GetSystemDirectoryA
lstrcmpA
WriteFile
SetEndOfFile
FlushFileBuffers
FlushViewOfFile
OpenMutexA
GetVersionExA
DeviceIoControl
SetThreadPriority
LoadLibraryA
GetModuleFileNameA
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
DisableThreadLibraryCalls
GetLastError
FreeLibrary
SetLastError
InterlockedIncrement
ReleaseMutex
WideCharToMultiByte
lstrcpynA
lstrlenA
OpenProcess
CreateProcessA
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
FreeLibraryAndExitThread
OpenEventA
GetExitCodeThread
TerminateThread
LocalFree
ExitThread
GetTickCount
LocalAlloc
SetEvent
UnmapViewOfFile
CloseHandle
CreateFileMappingA
MultiByteToWideChar
MapViewOfFile
CreateMutexA
CreateEventA
WaitForSingleObject
InterlockedDecrement
CreateThread

user32

DispatchMessageA
TranslateMessage
GetMessageA
EnumWindows
FindWindowExA
RegisterClassA
CreateWindowExA
DefWindowProcA
DestroyWindow
PostQuitMessage
FindWindowA
SendMessageA
wsprintfA
GetWindowThreadProcessId
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
SendMessageTimeoutA

oleaut32

VariantCopy
VariantInit
VariantClear
SysFreeString
SysAllocString

ole32

OleInitialize
CoCreateInstance
OleUninitialize

advapi32

CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext

msvcrt

_CxxThrowException
time
atoi
wcslen
_stricmp
??2@YAPAXI@Z
memcmp
??3@YAXPAX@Z
strncpy
memset
??1type_info@@UAE@XZ
_onexit
__dllonexit
free
strlen
memcpy
malloc
_initterm
_adjust_fdiv

ws2_32

connect
gethostbyname
htons
socket
WSAStartup
gethostname
send
__WSAFDIsSet
accept
bind
closesocket
getsockname
htonl
listen
select
shutdown
recv
WSACleanup

msserv

_HackLib_HookAllApps@8

Exports

Exports

?RemoteFreeLibrary@@YAHPAUHWND__@@PAUHINSTANCE__@@K@Z
?RemoteGetModuleHandleA@@YAPAUHINSTANCE__@@PAUHWND__@@PBDK@Z
?RemoteLoadLibraryA@@YAPAUHINSTANCE__@@PAUHWND__@@PBDK@Z
?StartProxy@@YGPAXI@Z
hook_to

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7836b12a577fa6423ec981a3a452ae7e

Headers

File Characteristics

Imports

kernel32

user32

oleaut32

ole32

advapi32

msvcrt

ws2_32

msserv

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.data Size: 1KB - Virtual size: 67KB

.shared Size: 1024B - Virtual size: 652B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 23KB

.data
Size: 1KB - Virtual size: 67KB

.shared
Size: 1024B - Virtual size: 652B

.reloc
Size: 2KB - Virtual size: 2KB