703882cedc919e4190f0560a75b00492_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

703882cedc919e4190f0560a75b00492_JaffaCakes118
Size

15KB
MD5

703882cedc919e4190f0560a75b00492
SHA1

7bc494919aa7ccef365b5d0ea1d33cefda6b7527
SHA256

ddb1cd72a688bc0126c61239a65603f55e2e876a91b92044d2b8e6ac67ff6c67
SHA512

fbc17b0aa760488ab3a10dc6313f3d68d7776d2285034482e28ab6ada91d0e522e58e19ef2f8d525b29108d36d25afab2443778b87cfc43002952a70f58672e4
SSDEEP

384:8T5lUv2WojdoO0qPDJNKZv0ERKs9jnWk4945UMp:m5HlNudKsl9HD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
703882cedc919e4190f0560a75b00492_JaffaCakes118

Files

703882cedc919e4190f0560a75b00492_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c45431f3e795fc988ff5689bcee55e4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
WriteFile
WaitForSingleObject
GetLastError
ReadFile
InterlockedExchange
lstrlenA
GetModuleFileNameA
CloseHandle
GetSystemDirectoryA
CreateMutexA
lstrcatA

user32

CallNextHookEx
wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

msvcp60

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

memmove
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
free
??2@YAPAXI@Z
atoi
__CxxFrameHandler
_stricmp
_snprintf

Exports

Exports

CheckProcess
MouseProc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c45431f3e795fc988ff5689bcee55e4d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp60

wininet

msvcrt

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 648B

.SHARDAT Size: 512B - Virtual size: 4B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 648B

.SHARDAT
Size: 512B - Virtual size: 4B

.reloc
Size: 1KB - Virtual size: 1KB