2a5202f0fe77166a771aefa4bd7c710b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2a5202f0fe77166a771aefa4bd7c710b_JaffaCakes118
Size

88KB
MD5

2a5202f0fe77166a771aefa4bd7c710b
SHA1

fa3a383b7b5469881060a4cc0702cf59c199faaa
SHA256

6a3705b61aa88649a0a06b5372f8dfbc066dbf3b0025b2ff463fe26b67ebbe6e
SHA512

4a3aa5514d6b06330fa16af95fa15fe9a47a1604eb3fe985d61354dae543a4c6edde14703f83c50dc643c2b464ebe7c1ae0b65400c9f78447062f2e56ececb24
SSDEEP

768:v8D84DQ73C68QrkA7qu70KZMNPg478D84DQ73C68QrkA7qu70KZMNPg4+7g2Ok1s:vZE4C6l4KuNPgMZE4C6l4KuNPgQkgec

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a5202f0fe77166a771aefa4bd7c710b_JaffaCakes118

Files

2a5202f0fe77166a771aefa4bd7c710b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

556a4a53723781ac919d92d2f9029c88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ToAscii
SendInput
MapVirtualKeyA
GetWindowTextA
GetKeyboardState
GetForegroundWindow
GetDC
wsprintfA
GetClientRect

kernel32

GetCurrentProcess
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
LoadLibraryA
MultiByteToWideChar
OpenProcess
CloseHandle
RtlMoveMemory
RtlZeroMemory
SetFileAttributesA
ExitThread
Sleep
TerminateProcess
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtectEx
WaitForSingleObject
WideCharToMultiByte
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
DisableThreadLibraryCalls
DeleteFileA
CreateThread
CreateRemoteThread
SetFilePointer
CreateFileA
ReadFile

advapi32

RegQueryValueExA

shlwapi

StrChrA
StrStrA

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
SelectObject
CreateCompatibleBitmap

ole32

CLSIDFromString

gdiplus

GdiplusShutdown
GdipSaveImageToFile
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup

ws2_32

closesocket
connect
gethostbyname
inet_addr
ntohs
recv
send
socket
WSAStartup
WSACleanup

msvcrt

strrchr

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse
sub_pic

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

556a4a53723781ac919d92d2f9029c88

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shlwapi

gdi32

ole32

gdiplus

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.bss Size: - Virtual size: 16B

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 13KB - Virtual size: 13KB

.bss
Size: - Virtual size: 16B

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 2KB