78c7de1b699667ae54d9072d5b22cc76_JaffaCakes118

General

Target

78c7de1b699667ae54d9072d5b22cc76_JaffaCakes118
Size

36KB
MD5

78c7de1b699667ae54d9072d5b22cc76
SHA1

20ae20d22cc2c648850d57846b78251e84b87028
SHA256

33af924086ad467a31a0e1c3b7067b5b346af3848c8efaf5d1f0e9a2294c86ae
SHA512

77474c0c18d151f6ea13b0b295af0069c709285c5a5de0d2478e8274e72633615495cd93e56ce56f8e34ddcaa079d11743ce3dc89e515ce64287bfbd2f124073
SSDEEP

384:eO1Lp3JfzKdM+q5YXH0xmC2ivb1TdxMODRpnZCY:eO1LPXKXH0xmC2ip5xMO3x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78c7de1b699667ae54d9072d5b22cc76_JaffaCakes118

Files

78c7de1b699667ae54d9072d5b22cc76_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4056f93d0fe60332341934168b24461a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetCurrentProcessId
FreeLibrary
GetTempPathA
GetCurrentProcess
Sleep
LoadLibraryA
GetProcAddress
GetTickCount
GetModuleFileNameA
CopyFileA
lstrcmpiA
GetSystemInfo
GetVersionExA
CloseHandle

user32

GetSystemMetrics
GetWindowThreadProcessId
EnumWindows
GetClassNameA
GetWindowTextA
GetWindowTextLengthA
wsprintfA
CharLowerA
CallNextHookEx
DispatchMessageA
GetMessageA
TranslateMessage

advapi32

RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

msvcrt

fread
_adjust_fdiv
malloc
_initterm
free
_splitpath
_except_handler3
??2@YAPAXI@Z
??3@YAXPAX@Z
fgets
sprintf
fputc
fwrite
strncpy
fclose
_stricmp
fseek
fopen
_access
strstr

Exports

Exports

AR
GetVer
w

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 570B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4056f93d0fe60332341934168b24461a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 16B

.reloc Size: 4KB - Virtual size: 570B

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 570B