5db3d2026e04446b9e939ebc0e85a6ac_JaffaCakes118

General

Target

5db3d2026e04446b9e939ebc0e85a6ac_JaffaCakes118
Size

19KB
MD5

5db3d2026e04446b9e939ebc0e85a6ac
SHA1

383d58b901b41003097f009c056679f842f1bb54
SHA256

d19e7038465ba5d9a181c3fc293896d9c6227a550ab791a6e7091de95a3fddc1
SHA512

af4758a6edb812ae8a4e3bb896b4b50f74229cf55840de96f7dc2559d6996dc2ff23bd299928135a443d2b731be6288c0a3bd8032cda0ca5d44a6668d1eb7515
SSDEEP

384:raufDnvBMOnQ0Y2kMoc8ggJuS2MH4Nr5wZlchzvV3:+A2eRBH8/kNr5o8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5db3d2026e04446b9e939ebc0e85a6ac_JaffaCakes118

Files

5db3d2026e04446b9e939ebc0e85a6ac_JaffaCakes118
.dll windows:4 windows x86 arch:x86

39076dd488cd9c2035e090bd22337fa4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadProcessMemory
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
LoadLibraryA
Sleep
IsBadReadPtr
TerminateThread
GetPrivateProfileStringA
GetCurrentProcessId
RaiseException
WriteFile
Process32Next
Process32First
CreateToolhelp32Snapshot
WriteProcessMemory
WideCharToMultiByte
ResumeThread
GetCurrentProcess
VirtualProtectEx
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
GetTempPathA
CreateFileA
ReadFile
CloseHandle
DeleteFileA
CreateThread
OpenMutexA
GetCurrentThread
CreateMutexA

user32

FindWindowA
GetWindowThreadProcessId
GetAsyncKeyState
GetKeyState
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

imagehlp

ImageUnload
ImageLoad

msvcrt

free
_initterm
malloc
_adjust_fdiv
_stricmp
_strlwr
strcat
strrchr
strcpy
memcpy
strlen
strncpy
sprintf
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
sscanf
strstr

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39076dd488cd9c2035e090bd22337fa4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

imagehlp

msvcrt

wininet

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 3KB

sdata Size: 512B - Virtual size: 12B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 3KB

sdata
Size: 512B - Virtual size: 12B

.reloc
Size: 2KB - Virtual size: 1KB