85e02c539f887dd547e377da81ec09e0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

85e02c539f887dd547e377da81ec09e0_JaffaCakes118
Size

60KB
MD5

85e02c539f887dd547e377da81ec09e0
SHA1

2972cb8c5769499ee176cb47d9d30584eea92c79
SHA256

357b0297bfcff01398e3c7ee37c173cc88b0f5d6d021c3198a09414469366186
SHA512

721ed2c3eff0d8cffc9286e2b52fe3c4a8c4823fed68e0538f5e1a8bc8eba105dc6550423f513bb32620ce51d5b51d135a5dc64c82330a34d72a609e59ce4a32
SSDEEP

768:v8D84DQ73C68QrkA7qu70KZMNPg478D84DQ73C68QrkA7qu70KZMNPg4Sa:vZE4C6l4KuNPgMZE4C6l4KuNPg7a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85e02c539f887dd547e377da81ec09e0_JaffaCakes118

Files

85e02c539f887dd547e377da81ec09e0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

556a4a53723781ac919d92d2f9029c88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ToAscii
SendInput
MapVirtualKeyA
GetWindowTextA
GetKeyboardState
GetForegroundWindow
GetDC
wsprintfA
GetClientRect

kernel32

GetCurrentProcess
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
LoadLibraryA
MultiByteToWideChar
OpenProcess
CloseHandle
RtlMoveMemory
RtlZeroMemory
SetFileAttributesA
ExitThread
Sleep
TerminateProcess
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtectEx
WaitForSingleObject
WideCharToMultiByte
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
DisableThreadLibraryCalls
DeleteFileA
CreateThread
CreateRemoteThread
SetFilePointer
CreateFileA
ReadFile

advapi32

RegQueryValueExA

shlwapi

StrChrA
StrStrA

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
SelectObject
CreateCompatibleBitmap

ole32

CLSIDFromString

gdiplus

GdiplusShutdown
GdipSaveImageToFile
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup

ws2_32

closesocket
connect
gethostbyname
inet_addr
ntohs
recv
send
socket
WSAStartup
WSACleanup

msvcrt

strrchr

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse
sub_pic

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

556a4a53723781ac919d92d2f9029c88

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shlwapi

gdi32

ole32

gdiplus

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.bss Size: - Virtual size: 16B

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 13KB - Virtual size: 13KB

.bss
Size: - Virtual size: 16B

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 2KB