5ea83743e7bc9e3d4b68a346da893ec7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ea83743e7bc9e3d4b68a346da893ec7_JaffaCakes118
Size

24KB
MD5

5ea83743e7bc9e3d4b68a346da893ec7
SHA1

a473cdfa32e27a9f457f032f512cccd35b86ee39
SHA256

7b309735559b76044aa2d056659640589555b6d0acd488f74ee0eef5fd03f60f
SHA512

d3f3256b8420e70d559eb9438ed2129ebe540b4eeceab8205d73419910334750587cc8ea936c1239af4be1949d5561b2f90636c105c6c2fe8c45decbe688c503
SSDEEP

768:WIpvd1i1F+k91B9Ga3X/47/y3hLkFDDje:Wqfiik7B9Ga/G/yxkq

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cvery.comdel2478813994/KeyboardHook.dll
unpack001/cvery.comdel2478813994/asm/mhook.dll
unpack001/cvery.comdel2478813994/mousehook.dll
unpack001/cvery.comdel2478813994/test/KeyboardHook.dll
unpack001/cvery.comdel2478813994/test/mousehook.dll

Files

5ea83743e7bc9e3d4b68a346da893ec7_JaffaCakes118
.rar
cvery.comdel2478813994/KeyboardHook.cfg
cvery.comdel2478813994/KeyboardHook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DisableKeyboardHook
EnableKeyboardHook

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comdel2478813994/KeyboardHook.dpr
cvery.comdel2478813994/KeyboardHook.pas
.js
cvery.comdel2478813994/MouseHook.cfg
cvery.comdel2478813994/MouseHook.dpr
cvery.comdel2478813994/MouseHook.pas
.js
cvery.comdel2478813994/asm/build.bat
cvery.comdel2478813994/asm/makefile
cvery.comdel2478813994/asm/mhook.asm
cvery.comdel2478813994/asm/mhook.def
cvery.comdel2478813994/asm/mhook.dll
.dll windows:4 windows x86 arch:x86

1c9e99dbd9238b3de32b69b7dc651420

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileMappingA
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile

user32

CallNextHookEx
MessageBoxA
RegisterWindowMessageA
SendMessageA
SetWindowsHookExA
UnhookWindowsHookEx

Exports

Exports

DisableMouseHook
EnableMouseHook

Sections

.text
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 631B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cvery.comdel2478813994/clear.bat
cvery.comdel2478813994/mousehook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DisableMouseHook
EnableMouseHook

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 107B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comdel2478813994/test/KeyboardHook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DisableKeyboardHook
EnableKeyboardHook

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comdel2478813994/test/Main.dcu
cvery.comdel2478813994/test/Main.ddp
cvery.comdel2478813994/test/Main.dfm
cvery.comdel2478813994/test/Main.pas
cvery.comdel2478813994/test/mousehook.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

DisableMouseHook
EnableMouseHook

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 107B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cvery.comdel2478813994/test/test.cfg
cvery.comdel2478813994/test/test.dof
cvery.comdel2478813994/test/test.dpr
cvery.comdel2478813994/test/test.res
cvery.comdel2478813994/test/test2.cfg
cvery.comdel2478813994/下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 11KB - Virtual size: 11KB

DATA Size: 512B - Virtual size: 184B

BSS Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 116B

.reloc Size: 1024B - Virtual size: 904B

.rsrc Size: 512B - Virtual size: 512B

1c9e99dbd9238b3de32b69b7dc651420

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 544B

.rdata Size: 1024B - Virtual size: 631B

.data Size: 512B - Virtual size: 88B

.reloc Size: 512B - Virtual size: 132B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 11KB - Virtual size: 11KB

DATA Size: 512B - Virtual size: 188B

BSS Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 107B

.reloc Size: 1024B - Virtual size: 912B

.rsrc Size: 512B - Virtual size: 512B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 11KB - Virtual size: 11KB

DATA Size: 512B - Virtual size: 184B

BSS Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 116B

.reloc Size: 1024B - Virtual size: 904B

.rsrc Size: 512B - Virtual size: 512B

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 11KB - Virtual size: 11KB

DATA Size: 512B - Virtual size: 188B

BSS Size: - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 107B

.reloc Size: 1024B - Virtual size: 912B

.rsrc Size: 512B - Virtual size: 512B

CODE
Size: 11KB - Virtual size: 11KB

DATA
Size: 512B - Virtual size: 184B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 116B

.reloc
Size: 1024B - Virtual size: 904B

.rsrc
Size: 512B - Virtual size: 512B

.text
Size: 1024B - Virtual size: 544B

.rdata
Size: 1024B - Virtual size: 631B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 132B

CODE
Size: 11KB - Virtual size: 11KB

DATA
Size: 512B - Virtual size: 188B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 107B

.reloc
Size: 1024B - Virtual size: 912B

.rsrc
Size: 512B - Virtual size: 512B

CODE
Size: 11KB - Virtual size: 11KB

DATA
Size: 512B - Virtual size: 184B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 116B

.reloc
Size: 1024B - Virtual size: 904B

.rsrc
Size: 512B - Virtual size: 512B

CODE
Size: 11KB - Virtual size: 11KB

DATA
Size: 512B - Virtual size: 188B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 107B

.reloc
Size: 1024B - Virtual size: 912B

.rsrc
Size: 512B - Virtual size: 512B