32301e50c6eb6c0855e69060e7df261b_JaffaCakes118

General

Target

32301e50c6eb6c0855e69060e7df261b_JaffaCakes118
Size

9KB
MD5

32301e50c6eb6c0855e69060e7df261b
SHA1

e48827739b1593d7ecaf2b05a4093cb3c23fe36e
SHA256

acd8be6d37997f21447a769d73d3fb80a99c99c08bc4ff3bf9310a7e855fddc3
SHA512

dbd9a4e1f6a2f75e53989ebaf4ae197fd493d0b163c813c12401a48c5f6d137d32658e3117cd5bf3d72be5ba03d8d55e404b15d103bb83e8c97e9e9b32201b5c
SSDEEP

192:1f6f4Jfi8VkXrkasLJx/xTHxkZUWoXHPwHJTOnDWxXxCRZFD:1fVDVQrkasLT1HxkZ4KKRLD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32301e50c6eb6c0855e69060e7df261b_JaffaCakes118

Files

32301e50c6eb6c0855e69060e7df261b_JaffaCakes118
.dll windows:1 windows x86 arch:x86

5a47d4f28fe20a0e99fea5427fb5eb94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateDirectoryW
CreateFileA
CreateProcessA
CreateThread
ExitProcess
FreeLibraryAndExitThread
GetCommandLineA
GetModuleFileNameA
GetProcAddress
GetShortPathNameA
LoadLibraryA
OpenEventA
RtlZeroMemory
Sleep
TerminateThread
VirtualAlloc
VirtualProtect
WaitForSingleObject
WinExec
WriteFile
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
lstrlenW

user32

CallWindowProcA
CreateDialogParamW
FindWindowW
SetWindowLongA
SetWindowTextW
ShowWindow
wsprintfA

advapi32

CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

ws2_32

WSASocketA
closesocket
connect
gethostbyname
ioctlsocket
ntohs
recv
select
send
setsockopt
socket

wininet

InternetConnectA

wintrust

WinVerifyTrust

shell32

ShellExecuteA
StrRChrA

icmp

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

Exports

Exports

AddProcessExclusion
GetChangeRect
GetChangedWindowList
IsTitleBarButtonPressed
RemoveProcessExclusion
SetButtonXOffset
SetSingleWindow
ShowTitleBarButton
StartHooks
StopHooks

Sections

.code
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

5a47d4f28fe20a0e99fea5427fb5eb94

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

wininet

wintrust

shell32

icmp

Exports

Exports

Sections

.code Size: 8KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 678B

.code
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 678B