407c06f68d75b76eb3414d5dfd071a49_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

407c06f68d75b76eb3414d5dfd071a49_JaffaCakes118
Size

59KB
MD5

407c06f68d75b76eb3414d5dfd071a49
SHA1

5cb4f92610f8eebe7acc253f0f4b60551cea4dc6
SHA256

7fe4887f1af12c794cebcffcd9d0cc2316c15d95dfe4bc1ee638eefac3802b02
SHA512

958fa81862f5c55e5aba05e5631165177b49350fc29f7c5c723622471ec522bec732ead30ca9d76e585eec0f9261431cc7974f25399d1782047ee5e36637c68a
SSDEEP

768:v8D84DQ73C68QrkA7qu70KZMNPg478D84DQ73C68QrkA7qu70KZMNPg45k4s:vZE4C6l4KuNPgMZE4C6l4KuNPgqq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
407c06f68d75b76eb3414d5dfd071a49_JaffaCakes118

Files

407c06f68d75b76eb3414d5dfd071a49_JaffaCakes118
.dll windows:4 windows x86 arch:x86

556a4a53723781ac919d92d2f9029c88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ToAscii
SendInput
MapVirtualKeyA
GetWindowTextA
GetKeyboardState
GetForegroundWindow
GetDC
wsprintfA
GetClientRect

kernel32

GetCurrentProcess
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
LoadLibraryA
MultiByteToWideChar
OpenProcess
CloseHandle
RtlMoveMemory
RtlZeroMemory
SetFileAttributesA
ExitThread
Sleep
TerminateProcess
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtectEx
WaitForSingleObject
WideCharToMultiByte
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
DisableThreadLibraryCalls
DeleteFileA
CreateThread
CreateRemoteThread
SetFilePointer
CreateFileA
ReadFile

advapi32

RegQueryValueExA

shlwapi

StrChrA
StrStrA

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
SelectObject
CreateCompatibleBitmap

ole32

CLSIDFromString

gdiplus

GdiplusShutdown
GdipSaveImageToFile
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup

ws2_32

closesocket
connect
gethostbyname
inet_addr
ntohs
recv
send
socket
WSAStartup
WSACleanup

msvcrt

strrchr

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse
sub_pic

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

556a4a53723781ac919d92d2f9029c88

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shlwapi

gdi32

ole32

gdiplus

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.bss Size: - Virtual size: 16B

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 13KB - Virtual size: 13KB

.bss
Size: - Virtual size: 16B

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 2KB