3684cd214f0b30f097289cd2dad8356d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3684cd214f0b30f097289cd2dad8356d_JaffaCakes118
Size

124KB
MD5

3684cd214f0b30f097289cd2dad8356d
SHA1

4ae1db59f68ceed4730e8de5549e0764c7685c88
SHA256

1e4e6474eec46b6f1d7f9032aad9c7c2d5dccd6b975b2cf11c4ce63eedce66de
SHA512

3e94bea451320cf397db757daa77176e08c61b8b8cfc104744cf142e7c7d8f58611994cf6c7b15f48efcd4077cd07fa77ed0ff605213f67d3ae9b509b9bf7e2c
SSDEEP

3072:qJIl7Kq22q6myIUJMCjqIGC142nLwiWndBJHorRV:/RUUJMCjqIGELwi4w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3684cd214f0b30f097289cd2dad8356d_JaffaCakes118

Files

3684cd214f0b30f097289cd2dad8356d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6b0e09dfb7c81db5d8162d4f6cdd18da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
GetTickCount
FreeLibrary
LoadLibraryA
MapViewOfFile
OpenFileMappingA
GetModuleHandleA
GetCurrentThreadId
ReadFile
GetFileSize
GetModuleFileNameA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
UnmapViewOfFile
CloseHandle
CreateFileA
SetFilePointer
WriteFile
SetEnvironmentVariableA
VirtualFree
HeapCreate
HeapDestroy
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError

user32

SetActiveWindow
PostMessageA
GetFocus
EnumThreadWindows
UnhookWindowsHookEx
SetWindowsHookExA
GetParent
CallNextHookEx
SetForegroundWindow
GetTopWindow
GetClassNameA
GetKeyState
FindWindowA
MapVirtualKeyA
SetFocus
OemKeyScan
GetWindowTextA
OpenClipboard
EmptyClipboard
RegisterClipboardFormatA
SetClipboardData
CloseClipboard
keybd_event
MessageBoxA
PostMessageW
GetKeyboardState
SetKeyboardState
SendMessageA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

ControlDll
FreeHook
GetApplWndHandle
GetApplication
GetMsgFilterFunc
ILRESET
KbdMsgFilterFunc
LoadKbdOverlay
SET_AKSHAR
SetHook
SlGetMsgProc
SlKbdMsgProc
TutorGetAkshar
TutorGetAlterCode
TutorGetKbdName
TutorGetMappedCode
WindTaskFunc

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b0e09dfb7c81db5d8162d4f6cdd18da

Headers

File Characteristics

Imports

kernel32

user32

version

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 28KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 10KB