4209acb5604a3a0b618b2233d89c9f75_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4209acb5604a3a0b618b2233d89c9f75_JaffaCakes118
Size

16KB
MD5

4209acb5604a3a0b618b2233d89c9f75
SHA1

c1b1c69a0e953df2673e6d4828a2ecd4d3260e6a
SHA256

e582f564b7d15ee8e5d23eb0d397622cd1e61f869e1084143babf2b5854b81bb
SHA512

3686e9ae794f2e9d0b5209c0f8b10c74e28e371da4e54cb9cf855d5dc6621e09a77743cec46b80231a56d80888a7e7557e98471fcdafe3d0f7fdf05c075e7bc1
SSDEEP

192:n/fbnPLvr3z/7HDPLfbHCQ2/241QXoPXJ1a8NoMtbsn0U6fbnjr3z/7HDPPYNRiX:yu4k0XJVOnoYN+VAlwdTShH8s9FHe/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4209acb5604a3a0b618b2233d89c9f75_JaffaCakes118

Files

4209acb5604a3a0b618b2233d89c9f75_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9a8f33316e55a79363ad19a846108821

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen

kernel32

GetCurrentThreadId
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
WriteFile
Sleep
SetFilePointer
SetFileAttributesA
ReadFile
OpenFileMappingA
MapViewOfFile
GetTickCount
GetSystemDirectoryA
GetLocalTime
FreeLibrary
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
CreateThread
CreateFileMappingA
CreateFileA
CloseHandle

user32

UnhookWindowsHookEx
SetWindowsHookExA
SetThreadDesktop
SetProcessWindowStation
OpenWindowStationA
OpenInputDesktop
GetWindowTextA
GetParent
CallNextHookEx

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext

Exports

Exports

GetPluginInfo
GetPluginResult
GetPluginRun
PluginFunc
PluginFuncEx
PluginStop

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 189B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a8f33316e55a79363ad19a846108821

Headers

File Characteristics

Imports

oleaut32

kernel32

user32

advapi32

imm32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.itext Size: 512B - Virtual size: 252B

.data Size: 512B - Virtual size: 192B

.bss Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 189B

.reloc Size: 1024B - Virtual size: 800B

.rsrc Size: 512B - Virtual size: 512B

.text
Size: 10KB - Virtual size: 9KB

.itext
Size: 512B - Virtual size: 252B

.data
Size: 512B - Virtual size: 192B

.bss
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 189B

.reloc
Size: 1024B - Virtual size: 800B

.rsrc
Size: 512B - Virtual size: 512B