481fa6a97ff3da6722deff76fa10456b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

481fa6a97ff3da6722deff76fa10456b_JaffaCakes118
Size

100KB
MD5

481fa6a97ff3da6722deff76fa10456b
SHA1

187743ca653139fe6eaa45a9334e2f347fe434ae
SHA256

f9b5044e01d97a8e798701c2a557cc57c56645512531444fb59082ffc1b863ef
SHA512

e1a9d46f4194115ba852a7b12f44531095c35a715af128968705104daf466e5cc569b9b0bbcf1ee64f79ead58f9a75143b26ee86704f820926a9cf6c4ce41ec6
SSDEEP

3072:eUV2l2vb/ZvZ2JSQ4KsimldDKnDn0WqqTl:R8lwbhvZ2YQHCldYD0Wx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
481fa6a97ff3da6722deff76fa10456b_JaffaCakes118

Files

481fa6a97ff3da6722deff76fa10456b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5b94ffc6a5e5de4e05b8eefdfdf60768

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
GetThreadPriority
Thread32First
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
GlobalFree
GlobalLock
GlobalAlloc
WritePrivateProfileStringA
GetPrivateProfileIntA
ReadProcessMemory
GlobalUnlock
WideCharToMultiByte
GetCurrentThreadId
DeleteFileA
ReadFile
CreateFileA
WriteProcessMemory
VirtualProtectEx
GetFileSize
GetWindowsDirectoryA
GetVersionExA
WriteFile
GetACP
DisableThreadLibraryCalls
VirtualAlloc
VirtualFree
Process32Next
Process32First
VirtualFreeEx
WaitForSingleObject
Thread32Next
VirtualAllocEx
OpenProcess
GetLastError
GetTickCount
GetComputerNameA
GetCommandLineA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
HeapReAlloc
GetOEMCP
GetCPInfo
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
Sleep
CreateThread
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetCurrentProcess
OutputDebugStringA
CreateRemoteThread
IsBadReadPtr
GetVersion
ExitProcess
TerminateProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

wsprintfA
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
VkKeyScanA
GetKeyNameTextA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA

ws2_32

closesocket
inet_ntoa
gethostbyname
select
inet_addr
shutdown
connect
htons
ioctlsocket
socket
send
recv
__WSAFDIsSet
WSACleanup
WSAStartup
ntohs
getpeername

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
OpenProcessToken

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b94ffc6a5e5de4e05b8eefdfdf60768

Headers

File Characteristics

Imports

kernel32

user32

wininet

ws2_32

advapi32

Sections

.text Size: 82KB - Virtual size: 81KB

sdata Size: 10KB - Virtual size: 10KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 82KB - Virtual size: 81KB

sdata
Size: 10KB - Virtual size: 10KB

.reloc
Size: 7KB - Virtual size: 6KB