381f3202fdf6ccdd5e62140b1d920662_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

381f3202fdf6ccdd5e62140b1d920662_JaffaCakes118
Size

122KB
MD5

381f3202fdf6ccdd5e62140b1d920662
SHA1

2e0f187fcd4c03f33556cbba48764eecdf014d0e
SHA256

051b59af46e64b88cc6f131ebb579d4e116ad105606eb64c594a1b07b0e542b1
SHA512

05305c8cf7662b712b666c65e19f2d6177c4aec7e4902e2c46cf23aecfdb70e134ec06c324c45818b06049626db2220144c8bb3ac838d1ede7af1d15ffc131a3
SSDEEP

1536:qir+zYMlXBWG5mGnVcIYOHFMI6MyC8vo5hMcWCi2j/coZbNk0bs4wB8kA:ycKBWQmw6z6MeyC9hZi2j/nZe0bsW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
381f3202fdf6ccdd5e62140b1d920662_JaffaCakes118

Files

381f3202fdf6ccdd5e62140b1d920662_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9c6e8b6e03036d72726c82306dffca2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetComputerNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
Sleep
SetThreadContext
GetThreadContext
GetCurrentThread
SetUnhandledExceptionFilter
ExitProcess
CloseHandle
ReadFile
CreateFileA
GetCommandLineA
GlobalUnlock
OutputDebugStringA
CreateEventA
OpenEventA
TerminateThread
GetProcAddress
GetCurrentProcessId
TerminateProcess
OpenProcess
GetCurrentThreadId
CreateThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
DeleteFileA
WriteFile
GetFileSize
VirtualProtectEx
SetThreadPriority
CopyFileA
VirtualAlloc
VirtualFree
WideCharToMultiByte
MultiByteToWideChar
Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
GetThreadPriority
Thread32First
GetWindowsDirectoryA
GetStringTypeW
GetStringTypeA
IsBadReadPtr
GlobalAlloc
GlobalLock
GetModuleHandleA
ReadProcessMemory
GlobalFree
CreateRemoteThread
GetModuleFileNameA
RtlUnwind

user32

GetDCEx
GetDC
GetCursor
SendMessageA
EnumChildWindows
GetClassNameA
IsWindowVisible
ReleaseDC
ClientToScreen
GetClientRect
ToAscii
MapVirtualKeyA
GetKeyboardState
GetKeyState
GetForegroundWindow
IsWindowEnabled
GetAsyncKeyState
ToUnicode
wsprintfA
GetWindowTextA
FindWindowA
GetWindowThreadProcessId
GetMessageA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetInputState
PostThreadMessageA
GetDesktopWindow

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

gdi32

GetPixel

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c6e8b6e03036d72726c82306dffca2a

Headers

File Characteristics

Imports

kernel32

user32

wininet

gdi32

advapi32

Sections

.text Size: 111KB - Virtual size: 111KB

sdata Size: 1024B - Virtual size: 1024B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 111KB - Virtual size: 111KB

sdata
Size: 1024B - Virtual size: 1024B

.reloc
Size: 8KB - Virtual size: 8KB