769cafd3fd275895e4be61baab0d5743_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

769cafd3fd275895e4be61baab0d5743_JaffaCakes118
Size

96KB
MD5

769cafd3fd275895e4be61baab0d5743
SHA1

168baa8bad25bcb429a28d96fd993040a06632be
SHA256

3796a512bf7dea5bfbe8508f02c76cf199d7ee23e0cac603057fe185a57911ab
SHA512

8a7831461d6c32c6d1392b8e84065432b47a4bfd90b2e21d0ac30e79b3e6ba4f70ba38e8dc8b6af9c57444444f42ef2a1ff96e611acd2bf912bd9d8718679951
SSDEEP

1536:vdCKn8V3OiTogcQGZUQv/j+f2KPp7lY3okxYQlFD0hhhPDZ2k+BSK3eEgJ:vdkVe6zcQDQv/j+BFlgTfwDhPDgzBSKO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
769cafd3fd275895e4be61baab0d5743_JaffaCakes118

Files

769cafd3fd275895e4be61baab0d5743_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9520a707ae97e0a799b6079b57a959bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetModuleFileNameA
UnmapViewOfFile
GetTickCount
MapViewOfFile
CreateFileMappingA
CreateFileA
WideCharToMultiByte
ReadProcessMemory
LoadLibraryA
Sleep
GetTempPathA
SetThreadPriority
GetFileSize
ReadFile
GetProcessHeap
HeapAlloc
VirtualProtect
GetCurrentProcessId
WritePrivateProfileStringA
GetCurrentThreadId
lstrcmpiA
InterlockedCompareExchange
GetPrivateProfileStringA
lstrcpynA
GetCommandLineA
GetLastError
CreateMutexA
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleA
CloseHandle
GetCurrentProcess
OpenProcess
InterlockedExchange
DeleteCriticalSection
GetProcAddress

msvcrt

wcsstr
strncpy
strrchr
strcat
malloc
_except_handler3
strchr
_vsnprintf
isspace
isalnum
sprintf
atoi
wcsncpy
wcscat
exit
realloc
isdigit
isalpha
__dllonexit
_onexit
_initterm
_adjust_fdiv
_wcsnicmp
_wcsupr
_itoa
_strcmpi
wcsncat
wcscpy
strcpy
_strlwr
strstr
mbstowcs
wcscmp
_strdup
strlen
free
_stricmp
memcpy
__CxxFrameHandler
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
_strupr

gdiplus

GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

wsock32

socket
closesocket
gethostbyname
send
WSAStartup
recv
htons
connect

user32

EnumChildWindows
SetFocus
SendMessageA
GetTopWindow
GetWindowTextA
ShowWindow
UnhookWindowsHookEx
SetWindowsHookExA
GetKeyState
GetClassNameA
GetWindowLongA
GetWindow
GetClassNameW
GetForegroundWindow
wsprintfA
ToAscii
GetKeyboardState
GetFocus
FindWindowA
CallNextHookEx
GetCaretPos
AttachThreadInput
GetWindowThreadProcessId

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9520a707ae97e0a799b6079b57a959bb

Headers

File Characteristics

Imports

kernel32

msvcrt

gdiplus

gdi32

wsock32

user32

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 9KB

.upx0 Size: 3KB - Virtual size: 2KB

.upx1 Size: 36KB - Virtual size: 36KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 9KB

.upx0
Size: 3KB - Virtual size: 2KB

.upx1
Size: 36KB - Virtual size: 36KB

.reloc
Size: 2KB - Virtual size: 2KB