89c2a8eccd63205880864c085877a669_JaffaCakes118

General

Target

89c2a8eccd63205880864c085877a669_JaffaCakes118
Size

195KB
MD5

89c2a8eccd63205880864c085877a669
SHA1

25f5d2b4788d09751863c596d45d875befb49a37
SHA256

3051b0d263f6b2eea823b3e2b49185ac23ce78af5fb4ac0cfcb1413f6ac12d6c
SHA512

45764a38e5289e07c11e2a83fa3d2c614650caa25557463d956fb6d2665c1051505b6968f8eeb5016822af929a7d3775285d967d7cfc1954f8e47dd2cbd4d386
SSDEEP

96:2xMf3Goq3sLLlFCzBF/mBtUsn9EexTf3gvEbX7YW/uNs7Q5+RE8EdfNX:0Mtq3sNi+4CtYvEbsh5t8EN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89c2a8eccd63205880864c085877a669_JaffaCakes118

Files

89c2a8eccd63205880864c085877a669_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ad45ea4df424e96735e55e6ddf90a441

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
WriteProcessMemory
WideCharToMultiByte
lstrlenA
RtlZeroMemory
lstrlenW
Module32Next
Module32First
GetWindowsDirectoryA
Process32First
lstrcatA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
VirtualAllocEx
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
GetCurrentThreadId
Process32Next
FreeLibrary
DeleteFileA
OpenEventA
SetEvent
LoadLibraryA
CreateMutexA
ReleaseMutex
OpenProcess
GetLastError
RtlFillMemory
lstrcpyA
GetCurrentProcessId
Sleep
GetModuleFileNameA
CreateThread
CloseHandle

user32

GetMessageA
PostThreadMessageA
GetWindowThreadProcessId
UnhookWindowsHookEx
EnumWindows
SetWindowsHookExA
wsprintfA
CallNextHookEx

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken

shlwapi

PathFileExistsA
StrStrIA

msvcrt

strrchr
strcat
strcpy
strlen

Exports

Exports

COMResModuleInstance
SetMsgHook
comonbabyouyes
comonbabyouyesDrawTextEx
comonbabyouyesEditControl
comonbabyouyesExtTextOut
comonbabyouyesGetCharacterPlacement
comonbabyouyesGetTextExtentExPoint
comonbabyouyesPSMTextOut
dns

Sections

.bss
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad45ea4df424e96735e55e6ddf90a441

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

msvcrt

Exports

Exports

Sections

.bss Size: - Virtual size: 67KB

.data Size: 8KB - Virtual size: 8KB

shard Size: 512B - Virtual size: 268B

.reloc Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 67KB

.data
Size: 8KB - Virtual size: 8KB

shard
Size: 512B - Virtual size: 268B

.reloc
Size: 2KB - Virtual size: 1KB