46a19c006e3734bd8f24abb92bfbd02c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46a19c006e3734bd8f24abb92bfbd02c_JaffaCakes118
Size

32KB
MD5

46a19c006e3734bd8f24abb92bfbd02c
SHA1

d979103944b81d387bc36feea7343232b73c3362
SHA256

b1e680b6af888956a2ed32f8f531790793cd1be69d9627ae04c75c675c9d7e78
SHA512

7ea8da9d09d076b72f746ab0d095233f9e408036bae408e51079c5e2dded880b66e7f7477bef844bcf36ef10ba3b3c23842466aa304b858de4b75057163eb73a
SSDEEP

384:JFkjM+p9G9B0i9Jz2KMmHUyY1g6pZ/GV00dWb:JFkjMCIB0i9+mHUyY1g6pZ/G3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46a19c006e3734bd8f24abb92bfbd02c_JaffaCakes118

Files

46a19c006e3734bd8f24abb92bfbd02c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

edad256c1f1b889d74b2259e22d211a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4129
ord665
ord1979
ord6385
ord922
ord5442
ord3318
ord353
ord858
ord924
ord926
ord1247
ord1168
ord6467
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord939
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord941
ord537
ord823
ord860
ord4202
ord2764
ord825
ord4274
ord800
ord2982
ord540
ord269

msvcrt

__CxxFrameHandler
??1type_info@@UAE@XZ
malloc
_initterm
free
_onexit
__dllonexit
_EH_prolog
_mbscmp
sprintf
_adjust_fdiv

kernel32

LocalFree
GetModuleFileNameA
Sleep
GetSystemDirectoryA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
LocalAlloc

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetForegroundWindow
EnumChildWindows
SendMessageA
GetAsyncKeyState
GetKeyNameTextA
CallNextHookEx
GetGUIThreadInfo
GetClassNameA
GetWindowLongA

Exports

Exports

?GetQQ@@YAKXZ
?UnHook@@YAHXZ
?b_Focus@@YAHXZ
KeyboardProc
MouseProc
Start

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.inidata
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edad256c1f1b889d74b2259e22d211a9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 5KB

.inidata Size: 4KB - Virtual size: 12B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.inidata
Size: 4KB - Virtual size: 12B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB