37475f0ea31284d8bf85aa99bf5d195f_JaffaCakes118

General

Target

37475f0ea31284d8bf85aa99bf5d195f_JaffaCakes118
Size

20KB
MD5

37475f0ea31284d8bf85aa99bf5d195f
SHA1

34a45beb4c51787119c0de5bb91067b60fd72a66
SHA256

81739ea2dd5e7f983257eb59b1e789b775ca679c947c6ed606f3489f58dca8c8
SHA512

8ee98bf7555c409735bd2b041d659da66468e078da7f5ce7d15a315bc111f82c60a85fba453adc2ff97560e7dee3560d853bc56bbc45e68c046279ca41a949ea
SSDEEP

384:EXbg/aWmZIvRcz/RNR/mIyUkacUbDnAuGyT47MM2:sg/ad0QNR/mIyUkacUbDnaBgM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37475f0ea31284d8bf85aa99bf5d195f_JaffaCakes118

Files

37475f0ea31284d8bf85aa99bf5d195f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ba730d329a7ec2e0a7f063c1b812f001

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetWindowTextA
GetWindowThreadProcessId
GetForegroundWindow
wsprintfA

kernel32

CloseHandle
CreateFileA
CreateThread
DisableThreadLibraryCalls
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetModuleFileNameA
GetPrivateProfileStringA
GetProcAddress
GetWindowsDirectoryA
GlobalAlloc
IsBadReadPtr
LoadLibraryA
MultiByteToWideChar
ReadFile
ReadProcessMemory
RtlMoveMemory
RtlZeroMemory
SetFileAttributesA
SetFilePointer
Sleep
TerminateProcess
VirtualProtectEx
WideCharToMultiByte
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

advapi32

RegQueryValueExA

shlwapi

StrStrA
StrChrA

msvcrt

strrchr

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba730d329a7ec2e0a7f063c1b812f001

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shlwapi

msvcrt

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.bss Size: - Virtual size: 12B

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 8KB

.bss
Size: - Virtual size: 12B

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB