3e840a7833c9722ee45abfe049dbe3c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e840a7833c9722ee45abfe049dbe3c7_JaffaCakes118
Size

106KB
MD5

3e840a7833c9722ee45abfe049dbe3c7
SHA1

11b7be1d477028a2ea5bde3ebfc2e3f26a331752
SHA256

461736e626cd7d31a060fc3deffe4715365f0784272ba0701e413ba46d79bee1
SHA512

e6c57d214046f95e09a82e6e49676096aee425da84d2cfafdd40e711fe5af44833268ab7dd1bcafa89e67cef19fc61fb89d1561834dd69d4eec08b9b5e4ef628
SSDEEP

1536:zsykTAHzexenV4WeLI43I+H20tFfpAJjiWWAACqlhdpKByfLLFrKJTZjiyZ9AJCp:z9e44WeLzRH20tIOWXACqwmFr4Oc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e840a7833c9722ee45abfe049dbe3c7_JaffaCakes118

Files

3e840a7833c9722ee45abfe049dbe3c7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4d3f16592db74b899d119e16a71a7631

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
MessageBoxA
UnhookWindowsHookEx
SetWindowsHookExA
PostMessageA
MessageBoxA
GetWindowThreadProcessId
CallNextHookEx

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
VirtualQuery
GetStartupInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
LoadLibraryA
IsBadReadPtr
GetModuleHandleA
GetCurrentProcessId
FreeLibrary
CloseHandle
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

Exports

Exports

install
uninstall

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 204B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 90B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mp0
Size: - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mp1
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d3f16592db74b899d119e16a71a7631

Headers

File Characteristics

Imports

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 15KB

.itext Size: - Virtual size: 204B

.data Size: - Virtual size: 1KB

.bss Size: - Virtual size: 10KB

.idata Size: - Virtual size: 1KB

.edata Size: - Virtual size: 90B

.mp0 Size: - Virtual size: 54KB

.mp1 Size: 104KB - Virtual size: 103KB

.reloc Size: 512B - Virtual size: 56B

.rsrc Size: 512B - Virtual size: 304B

.text
Size: - Virtual size: 15KB

.itext
Size: - Virtual size: 204B

.data
Size: - Virtual size: 1KB

.bss
Size: - Virtual size: 10KB

.idata
Size: - Virtual size: 1KB

.edata
Size: - Virtual size: 90B

.mp0
Size: - Virtual size: 54KB

.mp1
Size: 104KB - Virtual size: 103KB

.reloc
Size: 512B - Virtual size: 56B

.rsrc
Size: 512B - Virtual size: 304B