63a2d260882e6acb2aa2dc9c6a9f68d2_JaffaCakes118

General

Target

63a2d260882e6acb2aa2dc9c6a9f68d2_JaffaCakes118
Size

112KB
MD5

63a2d260882e6acb2aa2dc9c6a9f68d2
SHA1

7ad381ec1ed0387dc2c86d52ede6edb05ffd2ce0
SHA256

6661f31c5080ce491d5868e1bf40e8bda4388fa532cda7cad26103169979f61d
SHA512

9e66e04923b9ff7018b6d71244845fec76b5778ac7674bc23a6c8bb7ce9ba5be386deb63061eb8e305e956d39aff55cab016d91dec10a4d013535fe3dada8c3b
SSDEEP

1536:mspTi9VDAlSoi/ruHUMO5XbAEyGOR08Gt/XEG+C+g+ARXIWfMlcvU0w:mtDoSoi/BhT0GNERgvRBfM2w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63a2d260882e6acb2aa2dc9c6a9f68d2_JaffaCakes118

Files

63a2d260882e6acb2aa2dc9c6a9f68d2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

60ba10a6d474ebbf2ab857b13c390d30

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PostMessageA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
RegisterWindowMessageA

winmm

timeGetTime

kernel32

WideCharToMultiByte
FreeEnvironmentStringsW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetOEMCP
HeapAlloc
GetCPInfo
GetACP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA

Exports

Exports

InstallMyKeyHook
UninstallMyKeyHook

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHAREKE
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60ba10a6d474ebbf2ab857b13c390d30

Headers

File Characteristics

Imports

user32

winmm

kernel32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.SHAREKE Size: 4KB - Virtual size: 16B

.reloc Size: 4KB - Virtual size: 1KB

.text Size: 80KB - Virtual size: 80KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.SHAREKE
Size: 4KB - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 80KB - Virtual size: 80KB