2ec660e24a5f2e956b482373bf15e0da_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ec660e24a5f2e956b482373bf15e0da_JaffaCakes118
Size

64KB
MD5

2ec660e24a5f2e956b482373bf15e0da
SHA1

e8c662e665ee99901babc88f2a90e19568e9127c
SHA256

1c35b0975b2c65397a724fe192667a33c37b1f88771e8e7399cc014914c63074
SHA512

e93fbaf973bf0ab4764cfc09872c664cbeb1ad728cdd3ce0ada0115e6ea667ee822a768409e0f8e519092e3dbeda1e49e976cf1aaf52e54cd30af17578189c7f
SSDEEP

1536:rd7GupS2aGkYuxK9LJ6Zj+AoSkEHTtFgJvTkWJ2PBlwom8:4upofggwCBlwom8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ec660e24a5f2e956b482373bf15e0da_JaffaCakes118

Files

2ec660e24a5f2e956b482373bf15e0da_JaffaCakes118
.dll windows:4 windows x86 arch:x86

90f5db96870fcd0eaaad5a83048799c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
Sleep
GetSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GlobalLock
LCMapStringA
RtlUnwind
SetEndOfFile
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetModuleFileNameA
GlobalUnlock
GetSystemDirectoryA
CreateThread
LCMapStringW
GetVersion
CreateFileA
FlushFileBuffers
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
GetTimeZoneInformation
GetLocalTime
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetLastError
CloseHandle
ReadFile
InitializeCriticalSection
WriteFile
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
SetFilePointer
ExitProcess
TerminateProcess
GetCurrentProcess
FreeEnvironmentStringsA

user32

ToAscii
GetKeyState
GetKeyboardState
MessageBoxA
CloseClipboard
OpenClipboard
GetClipboardData
CallNextHookEx
GetForegroundWindow
GetAsyncKeyState
PtInRect
ScreenToClient
GetCursorPos
GetClientRect
GetDesktopWindow
GetWindowDC
ClientToScreen
ReleaseDC
SetWindowsHookExA
GetWindowTextA
UnhookWindowsHookEx
GetWindowThreadProcessId
SetCursorPos

gdi32

GetPixel

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA

ws2_32

inet_ntoa
gethostbyname
gethostname
WSAStartup
recv
send
WSACleanup
closesocket
connect
inet_addr
htons
socket

urlmon

URLDownloadToFileA

Exports

Exports

insthook

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90f5db96870fcd0eaaad5a83048799c4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

urlmon

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 10KB

shared Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 10KB

shared
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB