354b977b009272e9b8731be518b2b2d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

354b977b009272e9b8731be518b2b2d5_JaffaCakes118
Size

72KB
MD5

354b977b009272e9b8731be518b2b2d5
SHA1

8436b337aa17c946c687b5b473d6a9ed3ecc4cf0
SHA256

d9ce19d3edd34da7b5e1dc243390affdd10104104738e6e13217ddc8bc6786be
SHA512

5b74f7ad34bf5c5b8cba3a480ebfac1dcba3be8aef7b9bfa99fd34a1b0de1dda6d4b242034528c86569739f89eaa97775794404b4f662938011c2417052fdb9d
SSDEEP

768:gkDhk75LfdNz5YfK+D0eBmQyWfe7f7L/xRcTpEfXvnFHQhDvBtsmk:UZaC1ezSf/xRLfXvFHQJBtZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
354b977b009272e9b8731be518b2b2d5_JaffaCakes118

Files

354b977b009272e9b8731be518b2b2d5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0aa6ac45aa13b8dd1a571176ba7d2cfa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imagehlp

ImageDirectoryEntryToData

kernel32

InterlockedDecrement
lstrcpynA
SetThreadPriority
GetCurrentThread
DisableThreadLibraryCalls
GetProcAddress
VirtualQuery
WriteProcessMemory
GetCurrentProcess
VirtualProtect
lstrcmpiA
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
GetModuleHandleA
GetSystemInfo
lstrlenA
GetModuleFileNameA
GetSystemDirectoryA
LCMapStringW
RtlUnwind
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetCPInfo
GetACP
GetOEMCP
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx

Exports

Exports

getVer
hideProcess
showProcess

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHAREDAT
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0aa6ac45aa13b8dd1a571176ba7d2cfa

Headers

File Characteristics

Imports

imagehlp

kernel32

user32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 6KB

SHAREDAT Size: 4KB - Virtual size: 8B

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 6KB

SHAREDAT
Size: 4KB - Virtual size: 8B

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 5KB