3df388747f0155792763d12c792a7e84_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3df388747f0155792763d12c792a7e84_JaffaCakes118
Size

64KB
MD5

3df388747f0155792763d12c792a7e84
SHA1

185b042c28b5eebcde426642387cddaac0b67289
SHA256

5e2844676ed1a379704ed7368cadbe6f471299e0567e097352761cf8171a4c85
SHA512

e8043396ccf5817d5fcfe3a4f81753e9b7c53c2bc4f7813a9c0b4838ba113fce7b94021c5160ebc676641f7cdfe0e848e7e65a71bf5fb0b4eada189546928028
SSDEEP

1536:1/YerZf0SP4Yny3ghGuAseHFUJEt9tnJHZcp4D7:KerZDgYnCgmGa5nHcp4D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3df388747f0155792763d12c792a7e84_JaffaCakes118

Files

3df388747f0155792763d12c792a7e84_JaffaCakes118
.dll windows:4 windows x86 arch:x86

03c0353b45301168ae11a7b60f24f85b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
Sleep
GetVersion
GetLocalTime
VirtualQueryEx
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
CloseHandle
OpenProcess
GetCurrentProcessId
CreateThread
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
GetModuleHandleA
HeapSize
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
ReadFile
SetEndOfFile
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
LoadLibraryA
GetOEMCP
GetACP
GetLocaleInfoA
GetCPInfo
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapFree
GetLastError
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
ExitProcess
TerminateProcess
GetCurrentProcess
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
RtlUnwind
InterlockedExchange
VirtualQuery
CreateFileA
InitializeCriticalSection
SetFilePointer
GetStringTypeA
MultiByteToWideChar
GetStringTypeW

user32

CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
MessageBoxA
GetWindowTextA
FindWindowA
wsprintfA
FindWindowExA

psapi

GetMappedFileNameA

shlwapi

PathStripPathA

ws2_32

send
recv
WSACleanup
closesocket
connect
htons
socket
WSAStartup
gethostbyname

Exports

Exports

InstallHook
UninstallHook

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03c0353b45301168ae11a7b60f24f85b

Headers

File Characteristics

Imports

kernel32

user32

psapi

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 9KB

Shared Size: 4KB - Virtual size: 204B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 9KB

Shared
Size: 4KB - Virtual size: 204B

.reloc
Size: 8KB - Virtual size: 4KB