6f1438a9bc3da715119ff41f2cbe70a5_JaffaCakes118

General

Target

6f1438a9bc3da715119ff41f2cbe70a5_JaffaCakes118
Size

11KB
MD5

6f1438a9bc3da715119ff41f2cbe70a5
SHA1

97f0f877122c6c68bb1d6b4d18c75bae4d1a2d85
SHA256

f190eee67a937156c6317de6364921d847609561a15dc4e4b43fdff1541f9dd8
SHA512

674a6fbad796bf3b53b96460592064f2b64a1cbf14029c53c77ec45a80f735ff7e6e5da8140593c23debd6362e6b85627ade4fc3f40b57b82ae3c022b1e78d04
SSDEEP

96:WCubYleh7ZyR+25GPuzj1NpyBHW1t49OLmMVVqCipVumQg1UeWPEGcoBAPxYDpSE:t8rWYKx7MTsqCiRT1hWMfOAYw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f1438a9bc3da715119ff41f2cbe70a5_JaffaCakes118

Files

6f1438a9bc3da715119ff41f2cbe70a5_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

ab53d18edbbbb034cfb960621884ef1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
ToAscii
SetWindowsHookExA
SendMessageA
OpenClipboard
GetWindowTextA
GetKeyboardState
GetForegroundWindow
GetClipboardData
GetClassNameA
FindWindowExA
CloseClipboard
CallNextHookEx
wsprintfA

kernel32

LocalFree
GetVolumeInformationA
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteProcessMemory
WriteFile
WinExec
ReadProcessMemory
CloseHandle
CompareStringA
CreateDirectoryA
CreateFileA
CreateThread
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
GetCurrentProcess
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemTime
GetTickCount
LocalAlloc
ReadFile

advapi32

GetUserNameA

wsock32

inet_addr
inet_ntoa
gethostbyname
send
socket
recv
htons
connect
WSAStartup
closesocket

wininet

InternetGetConnectedState

urlmon

URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab53d18edbbbb034cfb960621884ef1b

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wsock32

wininet

urlmon

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 78KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 960B

.text
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 78KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 960B