3089e4f6b8290e02a366c2c1d24ae3d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3089e4f6b8290e02a366c2c1d24ae3d1_JaffaCakes118
Size

35KB
MD5

3089e4f6b8290e02a366c2c1d24ae3d1
SHA1

e85fc39f6b8d5165597a1b7d60b84fcbfb823a4e
SHA256

0154fb43d79b750a7c1c4909cee489aa2d8510c09acbbcde4ebeede3f1707bc8
SHA512

fef2b45c6ba513c04900622861be5d3b839b79094673d8eab76a86d57d751cba360c89c542e934e11a80bc8caba482996c35ef7bc3172f73018f54b8f4fc182f
SSDEEP

768:Mhdx78A1u+QVz8vHa957SpRctuAIU7m4V7yC/jOn6HGEXQz0wBghEmp:MhLX0evHa9gpRWuDom4V7yC/zmEX0B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3089e4f6b8290e02a366c2c1d24ae3d1_JaffaCakes118

Files

3089e4f6b8290e02a366c2c1d24ae3d1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fded4d115f65233b58ff04944481a4c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WriteProcessMemory
WriteFile
WinExec
WideCharToMultiByte
VirtualFree
VirtualAlloc
UnmapViewOfFile
Sleep
SetFilePointer
ReadProcessMemory
ReadFile
OpenFileMappingA
MoveFileExA
MapViewOfFile
LoadLibraryA
IsValidCodePage
IsDBCSLeadByteEx
GlobalFindAtomA
GlobalAddAtomA
GetWindowsDirectoryA
GetTickCount
GetTempPathA
GetStdHandle
GetProcAddress
GetModuleFileNameA
GetLocalTime
GetLastError
GetCurrentThreadId
GetCurrentProcess
GetConsoleCP
GetCommandLineA
FindFirstFileA
FindClose
CreateThread
CreateMutexA
CreateFileA
CompareStringA
CloseHandle
GetCurrentThreadId
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
VirtualProtect

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

gdi32

GetTextCharacterExtra
GetPixelFormat
GetPixel
GetNearestPaletteIndex
GetMapMode
EqualRgn
EndDoc

oleaut32

SysFreeString
SysAllocStringLen

user32

UnhookWindowsHookEx
SetWindowsHookExA
SendMessageA
PostThreadMessageA
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
GetWindowTextA
GetWindowLongA
GetTopWindow
GetThreadDesktop
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetScrollPos
GetWindow
GetNextDlgTabItem
GetMessageTime
GetMessagePos
GetMessageA
GetListBoxInfo
GetKeyboardType
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetClassNameA
GetCaretBlinkTime
GetActiveWindow
FindWindowA
EndDialog
CallNextHookEx

winmm

timeKillEvent
timeSetEvent

wsock32

WSACleanup
WSAStartup
gethostbyname
socket
send
recv
htons
connect
closesocket

Exports

Exports

ksHookwo
tzHookwo

Sections

CODE
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 87B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fded4d115f65233b58ff04944481a4c9

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

oleaut32

user32

winmm

wsock32

Exports

Exports

Sections

CODE Size: - Virtual size: 19KB

DATA Size: - Virtual size: 532B

BSS Size: - Virtual size: 2KB

.idata Size: - Virtual size: 2KB

.edata Size: - Virtual size: 87B

.vmp0 Size: - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 512B

.vmp1 Size: - Virtual size: 9KB

.vmp2 Size: 32KB - Virtual size: 32KB

.reloc Size: 1024B - Virtual size: 544B

CODE
Size: - Virtual size: 19KB

DATA
Size: - Virtual size: 532B

BSS
Size: - Virtual size: 2KB

.idata
Size: - Virtual size: 2KB

.edata
Size: - Virtual size: 87B

.vmp0
Size: - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 512B

.vmp1
Size: - Virtual size: 9KB

.vmp2
Size: 32KB - Virtual size: 32KB

.reloc
Size: 1024B - Virtual size: 544B