4410740db9925c134f29c6264a2e98ae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4410740db9925c134f29c6264a2e98ae_JaffaCakes118
Size

26KB
MD5

4410740db9925c134f29c6264a2e98ae
SHA1

612c0836374698bf45d48e98afed55ddc6545afe
SHA256

422d35ed3f6f62d63ed27676740dee151958025b31e405d7b02aa5a88c4a682a
SHA512

ae77347fc89c0c65e7c37b17bea26a66b5dd91a304c8dc7818ba8a65547a1861f03d607cc961460df08cd5aada0ff82fb133bacb284e9c34f24a46384544502a
SSDEEP

384:EoVmSbhbEubMSfzrEgcprl8O+xnkUKqHEIrjN2zgbbs4rkZnviuNqC63hfYR:EoVmSu7Mr4prcKqh0gfs4MvdjB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4410740db9925c134f29c6264a2e98ae_JaffaCakes118

Files

4410740db9925c134f29c6264a2e98ae_JaffaCakes118
.dll windows:4 windows x86 arch:x86

733832e0036689bc799adb687fc09214

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
CloseHandle
GetFileAttributesW
ReadProcessMemory
VirtualQueryEx
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileA
Module32Next
Module32First
CreateToolhelp32Snapshot
lstrlenA
SetFilePointer
OutputDebugStringA
HeapAlloc
DeleteFileA
GetModuleHandleA
FindClose
FindFirstFileA
WritePrivateProfileStringA
GetCurrentProcessId
OpenProcess
TerminateProcess
GetCurrentProcess
GetWindowsDirectoryA
GetPrivateProfileStringA
GetProcAddress
Sleep
LoadLibraryA
FreeLibrary
GetModuleFileNameA
GetProcessHeap

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetClassNameW
GetWindow
wsprintfA
wvsprintfA
GetWindowRect
GetDC

msvcrt

_local_unwind2
_strcmpi
_strupr
free
strcpy
memset
malloc
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
fclose
ftell
fseek
fopen
mbstowcs
strlen
_except_handler3
sprintf
rand
srand
time
wcslen
strstr
wcsncat
wcscpy
wcsstr
strncpy
strrchr
exit
printf
strcat
memcpy
tolower
_vsnprintf

wininet

InternetCloseHandle

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

Exports

Exports

Install
Uninstall

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

733832e0036689bc799adb687fc09214

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

wininet

gdi32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 39KB

shared Size: 512B - Virtual size: 4B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 39KB

shared
Size: 512B - Virtual size: 4B

.reloc
Size: 2KB - Virtual size: 1KB