821b71c2e750e6aca6372f8a2337859d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

821b71c2e750e6aca6372f8a2337859d_JaffaCakes118
Size

30KB
MD5

821b71c2e750e6aca6372f8a2337859d
SHA1

ebf9a442bda5b9ea0cf0092e23a05422c3238e31
SHA256

97d4168bf650a169fd4d0b2412555f24ec573c25f18718bffa41a98e42d21a40
SHA512

1f78016eb1cb46fe81b8b19f34ceae332e6969c7760bc6c9bd76e8634b51a79038c2f767a5d2dc0f7b829a83ab43d7d7941a6e23c7ac6769ac690fe3706b6e7a
SSDEEP

384:FLzY7SPWOWxvEWDdeW1TGiCXrYo6cTydLPY9mOXTrQ4nMBy:5zjPW/ErecTIUgy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
821b71c2e750e6aca6372f8a2337859d_JaffaCakes118

Files

821b71c2e750e6aca6372f8a2337859d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e263fd32f1e4b86ff03c51ead4735a63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetFileSize
ReadFile
CreateFileA
DeleteFileA
MultiByteToWideChar
GlobalFree
GlobalUnlock
WriteFile
GlobalLock
GlobalAlloc
GetTempPathA
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcpynA
IsBadReadPtr
GetModuleFileNameA
SetFileAttributesA
SizeofResource
LockResource
LoadResource
FindResourceA
SetFilePointer
CopyFileA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
GetTickCount
lstrcmpiA
lstrlenA
Sleep
lstrcmpA
lstrcpyA
ExitProcess
GetSystemDirectoryA
lstrcatA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateThread
OutputDebugStringA

user32

PostThreadMessageA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
EnumWindows
GetSystemMetrics
IsWindowVisible
IsIconic
ReleaseDC
GetDC
IsRectEmpty
GetWindowThreadProcessId
FindWindowExA
FindWindowA
PrintWindow
GetWindowInfo
SetForegroundWindow
ShowWindow
GetActiveWindow
GetWindowTextA

gdi32

GetObjectA
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
CreateDCA
GetDeviceCaps
DeleteDC
GetDIBits
RealizePalette
SelectPalette
GetStockObject
CreateCompatibleDC

wininet

InternetConnectA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetQueryDataAvailable
HttpSendRequestA
HttpOpenRequestA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA

gdiplus

GdipCloneImage
GdipDisposeImage
GdipFree
GdiplusStartup
GdipAlloc
GdipLoadImageFromFile
GdipSaveImageToFile
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders

msvcrt

strstr
atoi
memmove
free
malloc
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
strrchr
_except_handler3
_local_unwind2

Exports

Exports

DeleteSelf
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode
wwhkf
wwhko

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e263fd32f1e4b86ff03c51ead4735a63

Headers

File Characteristics

Imports

kernel32

user32

gdi32

wininet

gdiplus

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB