2caf80332a5a92a6bdcaf2865c8f5d96_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2caf80332a5a92a6bdcaf2865c8f5d96_JaffaCakes118
Size

72KB
MD5

2caf80332a5a92a6bdcaf2865c8f5d96
SHA1

776c37e9a314680cd014140950a3ddac94c6599f
SHA256

e71f533b665d42b0b1c838dba40e0e2844baaa70b94681ab7ed0bd85b7042f48
SHA512

666cff30dce1ee8c0b5962d1e6446e11cfa9a641e37c604fe2b1b62704cdc9dbc2833f4065c84fd744cf807bf5f86ed5c9f615ebda04ac48ff29df957c7fb47e
SSDEEP

768:bNp6RgMDUXX7ovwLK7YxL2p2TWmaFMn5F6GOhbLJoYwMDM:bDaDc7awu7P2TWmRi9b1oYVD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2caf80332a5a92a6bdcaf2865c8f5d96_JaffaCakes118

Files

2caf80332a5a92a6bdcaf2865c8f5d96_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0f6c5e26342b286b24fc3259bc295fb3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
CreateEventA
CreateMutexA
VirtualUnlock
WriteProcessMemory
ReadProcessMemory
GetCurrentProcess
VirtualProtect
VirtualLock
LoadLibraryA
GetModuleHandleA
CreateThread
GetModuleFileNameA
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
SetEvent
WaitForSingleObject
GetCurrentThreadId
SetLastError
GetLastError
SetThreadPriority
GetCurrentThread
WriteFile
CreateFileA
MapViewOfFile
GetProcAddress
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
InitializeCriticalSection
FreeLibrary
ReleaseMutex
CloseHandle
UnmapViewOfFile
TerminateThread
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
TlsAlloc
TlsSetValue
RtlUnwind
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
HeapSize
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc

user32

DispatchMessageA
CallWindowProcA
SendMessageA
RegisterWindowMessageA
FindWindowA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetWindowLongA
DefWindowProcA
RegisterClassExA
CreateWindowExA
GetMessageA
TranslateMessage
GetParent
DestroyWindow
IsWindow
GetClassNameA
SetWindowLongA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

wininet

InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetSetCookieA
InternetGetCookieA
HttpSendRequestA

imagehlp

ImageDirectoryEntryToData

Exports

Exports

installhook
removehook

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f6c5e26342b286b24fc3259bc295fb3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

imagehlp

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 776B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 776B

.reloc
Size: 8KB - Virtual size: 4KB