2d07ea302e12441745a8b93d92259300_JaffaCakes118

General

Target

2d07ea302e12441745a8b93d92259300_JaffaCakes118
Size

19KB
MD5

2d07ea302e12441745a8b93d92259300
SHA1

ae6cb874bf0c44b35d1da7b5c8a0d8f039ea4293
SHA256

840ebd5ce2579d6897a07e293c79f3db97c3e1190db30b64c9778f3dd708f0bd
SHA512

cb8b821b5c0e3a030585fed6cd0d506d204510e3088e403565057ad7f0f4bdf70ea9d52728550fec17c42b6a4a6baf76a6398729ac316dbc28e8c02e71827916
SSDEEP

384:Qf9ZSZo3H1gNWQSSv/kURDwj92xg/y+qhNYhjtMKEv:Qf9cZUzKHksxKhWGjtMKEv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d07ea302e12441745a8b93d92259300_JaffaCakes118

Files

2d07ea302e12441745a8b93d92259300_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e229425a5eda94ee87c5004ae37b8458

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GlobalFree
GlobalLock
GlobalAlloc
CreateEventA
OpenEventA
GlobalUnlock
GetCommandLineA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentThreadId
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentProcess
GetModuleHandleA
DeleteFileA
CreateFileA
WriteFile
GetFileSize
ReadFile
VirtualProtectEx
SetThreadPriority
IsBadReadPtr
VirtualAlloc
VirtualFree
WinExec
GetTempPathA
CloseHandle
GetCurrentProcessId
ReadProcessMemory
CreateThread
GetProcAddress
Sleep

user32

GetInputState
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowTextA
wsprintfA
FindWindowA
PostThreadMessageA
GetWindowThreadProcessId
GetMessageA

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA

urlmon

URLDownloadToFileA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e229425a5eda94ee87c5004ae37b8458

Headers

File Characteristics

Imports

kernel32

user32

wininet

urlmon

advapi32

Sections

.text Size: 16KB - Virtual size: 15KB

sdata Size: 512B - Virtual size: 512B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

sdata
Size: 512B - Virtual size: 512B

.reloc
Size: 1KB - Virtual size: 1KB