7071e4bd4a7cf74e14cb06764a0c111c_JaffaCakes118

General

Target

7071e4bd4a7cf74e14cb06764a0c111c_JaffaCakes118
Size

17KB
MD5

7071e4bd4a7cf74e14cb06764a0c111c
SHA1

e10f86370e0a44487e0f3079c00e220d833be53e
SHA256

64d6e27a74e14f869d55dd0d0d521fd659753de9ac3a3233f6daaec9c057b518
SHA512

f4a903f022e794e056f55fdd57df0c47a0789262b918a0da63ffbf96055de7ca2137d2ca375a53bdf0ca992f03a76e67fd91ab39f799d56d5576b45797fd94ee
SSDEEP

384:odRKu8wT/9HN6ianSBZXDMNwgncKHq67Ph2Uz:etzNF1ALn067h2U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7071e4bd4a7cf74e14cb06764a0c111c_JaffaCakes118

Files

7071e4bd4a7cf74e14cb06764a0c111c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e015eebaa49407124e4e2e1b1fa6c7fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentThreadId
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetProcAddress
GetModuleHandleA
DeleteFileA
CreateFileA
WriteFile
OpenEventA
CloseHandle
ReadFile
VirtualProtectEx
ReadProcessMemory
GetCurrentProcess
CreateEventA
SetThreadPriority
IsBadReadPtr
VirtualAlloc
VirtualFree
ExitProcess
GetLocalTime
CreateThread
Sleep
GetCommandLineA
GlobalAlloc
GlobalLock
GlobalFree
GetModuleFileNameA
GetFileSize

user32

EnumChildWindows
FindWindowExA
FindWindowA
GetClassNameA
IsWindowVisible
ReleaseDC
GetDC
ClientToScreen
GetClientRect
ToAscii
MapVirtualKeyA
GetKeyboardState
GetKeyState
GetForegroundWindow
IsWindowEnabled
GetWindowThreadProcessId
GetWindowTextA
GetMessageA
PostThreadMessageA
GetInputState
CallNextHookEx
SendMessageA
UnhookWindowsHookEx
SetWindowsHookExA
wsprintfA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA

gdi32

GetPixel

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e015eebaa49407124e4e2e1b1fa6c7fd

Headers

File Characteristics

Imports

kernel32

user32

wininet

gdi32

advapi32

Sections

.text Size: 15KB - Virtual size: 14KB

sdata Size: 512B - Virtual size: 512B

.reloc Size: 1024B - Virtual size: 1018B

.text
Size: 15KB - Virtual size: 14KB

sdata
Size: 512B - Virtual size: 512B

.reloc
Size: 1024B - Virtual size: 1018B