74c8dcb91255b778c6b04d102e68f41e_JaffaCakes118

General

Target

74c8dcb91255b778c6b04d102e68f41e_JaffaCakes118
Size

25KB
MD5

74c8dcb91255b778c6b04d102e68f41e
SHA1

4a80c0db6405d130f66b6fd2ad7bbe13e695e642
SHA256

2ae83f7c8097915162ecf0138bc536b3df350ae0421335dfb2a79d608b9fadbc
SHA512

17bcf6a65d5b2b32652a23a603849e031238efb57d27c7d95dc7bcfb388247e674f55438e2cf8333e559a127c2f61f8bece4a0e81906e6b479ce7b14784ce158
SSDEEP

384:ksTPzqbaVcNfVf4GFxgUJLJlmFy8QWV1+ad6Do9FmGb:jTbqpz4p0z6+g1Z6Do9FVb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74c8dcb91255b778c6b04d102e68f41e_JaffaCakes118

Files

74c8dcb91255b778c6b04d102e68f41e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b0fa86d02d2ede55d2e7ca25cbeb5185

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
WriteFile
OpenEventA
Sleep
GetFileSize
ReadFile
GetModuleFileNameA
ExitProcess
VirtualProtectEx
ReadProcessMemory
GlobalFree
GlobalLock
GlobalAlloc
GetCurrentProcess
DeleteFileA
CopyFileA
GetCurrentProcessId
FreeLibrary
GetCurrentThread
CreateEventA
SetThreadPriority
CreateThread
WideCharToMultiByte
MultiByteToWideChar
IsBadReadPtr
GetStringTypeW
RtlUnwind
GetStringTypeA
GetModuleHandleA
GetProcAddress
OpenProcess
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
CreateRemoteThread
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
VirtualFree
OutputDebugStringA
VirtualAlloc

user32

UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
CloseDesktop
CloseWindowStation
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
DeleteMenu
DestroyCursor
DestroyWindow
GetCursor
GetDCEx
GetDesktopWindow
GetDC
wsprintfA
GetMessageA
GetInputState
PostThreadMessageA

gdi32

Chord
CancelDC
DeleteObject
GetBkMode
GetBkColor

advapi32

RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0fa86d02d2ede55d2e7ca25cbeb5185

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

Sections

.text Size: 22KB - Virtual size: 21KB

sdata Size: 512B - Virtual size: 260B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 22KB - Virtual size: 21KB

sdata
Size: 512B - Virtual size: 260B

.reloc
Size: 2KB - Virtual size: 1KB