84249ba0f2814d6f5edd6ff57def18a1_JaffaCakes118

General

Target

84249ba0f2814d6f5edd6ff57def18a1_JaffaCakes118
Size

113KB
MD5

84249ba0f2814d6f5edd6ff57def18a1
SHA1

004ca38b513067c642b1406110d29e9a3c0fcbc9
SHA256

f8747a567f7a7c8cafc6915aebf3e8d6cdb7d0694cbec4f5e9ddba1f9661f3e8
SHA512

a4a10c23cdd145df2436009ebac8a43450aa11d14f49cee442646a119e64aa9ea1da259573e3f7063536b8e0ab6aa12b107ff87d450a93a11c080d804ffe6c57
SSDEEP

3072:HcoBWTr9at2QtJ5nP/9KZ4N08KZN+uELhHqibs:HcoBWUPVqC08xNLhKi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84249ba0f2814d6f5edd6ff57def18a1_JaffaCakes118

Files

84249ba0f2814d6f5edd6ff57def18a1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c60df9aca301e2b476719938fb5baf4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetComputerNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
Sleep
ExitProcess
CloseHandle
ReadFile
CreateFileA
GlobalUnlock
OutputDebugStringA
CreateEventA
OpenEventA
GetCommandLineA
GetCurrentProcessId
WriteProcessMemory
GetProcAddress
TerminateProcess
OpenProcess
GetCurrentThreadId
CreateRemoteThread
CreateThread
VirtualAllocEx
DeleteFileA
WriteFile
GetFileSize
VirtualProtectEx
SetThreadPriority
VirtualAlloc
VirtualFree
WideCharToMultiByte
MultiByteToWideChar
Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
TerminateThread
GetThreadPriority
Thread32First
GetWindowsDirectoryA
GetStringTypeW
GetStringTypeA
IsBadReadPtr
GlobalAlloc
GlobalLock
GetModuleHandleA
ReadProcessMemory
GlobalFree
VirtualFreeEx
GetModuleFileNameA
RtlUnwind

user32

EnumChildWindows
GetClassNameA
IsWindowVisible
ReleaseDC
GetDC
ClientToScreen
GetClientRect
ToAscii
MapVirtualKeyA
GetKeyboardState
GetKeyState
GetForegroundWindow
IsWindowEnabled
GetAsyncKeyState
ToUnicode
wsprintfA
GetWindowTextA
FindWindowA
GetWindowThreadProcessId
GetMessageA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetInputState
PostThreadMessageA
SendMessageA

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

gdi32

GetPixel

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c60df9aca301e2b476719938fb5baf4a

Headers

File Characteristics

Imports

kernel32

user32

wininet

gdi32

advapi32

Sections

.text Size: 103KB - Virtual size: 102KB

sdata Size: 1024B - Virtual size: 1024B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 103KB - Virtual size: 102KB

sdata
Size: 1024B - Virtual size: 1024B

.reloc
Size: 8KB - Virtual size: 7KB