86d0a104e8ce80c3723867ea858cfa34_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

86d0a104e8ce80c3723867ea858cfa34_JaffaCakes118
Size

56KB
MD5

86d0a104e8ce80c3723867ea858cfa34
SHA1

8537090a05edde91be83da8efb228ff067fce700
SHA256

9ec899b916e14e770bc1213e67753ad27dd167ef7f8d818ca12f70bcf9ebcd4d
SHA512

cb4f00f0ec605d63e9a09c60d9ac7a8adb8a9f62bf1e169523f6f5bb751d027e954d513558e34497815338dcc063b446552ce7b4898f65bc47931d33c77f2a07
SSDEEP

768:0CT+JdmoSwsseCA//AdLGdi8O1N8oTTzkYTxG5R:0CT+J4oSw3e4dLGdMcoHzof

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86d0a104e8ce80c3723867ea858cfa34_JaffaCakes118

Files

86d0a104e8ce80c3723867ea858cfa34_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d327ff8b92fef679bb7738a8f624798e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenMutexA
GetProcAddress
GetModuleHandleA
lstrcmpiA
CloseHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
LoadLibraryA
SetStdHandle
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

GetClassNameA
GetWindowThreadProcessId
CallNextHookEx
SetParent
SetWindowPos
GetWindowLongA
SetWindowLongA
UnhookWindowsHookEx
RegisterClassExA
CreateWindowExA
DefWindowProcA
SetWindowsHookExA

Exports

Exports

GetNewIEHand
GetNewIESHand
SaveIEProcessID
SetTaskNum
installhook
uninstallhook

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared_D
Size: 4KB - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d327ff8b92fef679bb7738a8f624798e

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 17KB

Shared_D Size: 4KB - Virtual size: 340B

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 17KB

Shared_D
Size: 4KB - Virtual size: 340B

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 4KB - Virtual size: 3KB