89ecfb9ad479a218c8b21dac8ef6f856_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89ecfb9ad479a218c8b21dac8ef6f856_JaffaCakes118
Size

24KB
MD5

89ecfb9ad479a218c8b21dac8ef6f856
SHA1

f69f466c6d5696b61e22df4c88a24504f1af6853
SHA256

8ecfd5634b7c70412ca3119b84a7396349c6e715707d850d2533d328d4ebfe4b
SHA512

f1e3230df6b2faed4ef082a26f4b1bb56e7458200f99bfc754273cc26edc48e6a6a6880e009a46c83ecaf3d5e867ef02c9fde9bcbf4f65251fc92d2b64b8f414
SSDEEP

384:Vds4oys2IfocwjRg2CD9YJCRhnqBBcz3iNZ3yRLPL9EODFX:03/Zv/eJCPqBBfZ3zw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89ecfb9ad479a218c8b21dac8ef6f856_JaffaCakes118

Files

89ecfb9ad479a218c8b21dac8ef6f856_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7a8bbf1c3f4345e383087531059c2355

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetFileSize
ReadFile
CreateFileA
DeleteFileA
GetTempPathA
MultiByteToWideChar
GlobalFree
GlobalUnlock
WriteFile
GlobalLock
GlobalAlloc
Process32Next
GetTickCount
CreateToolhelp32Snapshot
CreateThread
GetPrivateProfileStringA
IsBadReadPtr
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
lstrcmpiA
lstrcpynA
lstrcmpA
lstrcpyA
Sleep
ExitProcess
lstrlenA
GetSystemDirectoryA
lstrcatA
LoadLibraryA
GetProcAddress
FreeLibrary
Process32First
OutputDebugStringA

user32

PostThreadMessageA
UnhookWindowsHookEx
SetWindowsHookExA
EnumWindows
GetSystemMetrics
GetWindowTextA
IsIconic
GetActiveWindow
ShowWindow
SetForegroundWindow
GetWindowInfo
PrintWindow
FindWindowExA
GetWindowThreadProcessId
IsRectEmpty
FindWindowA
ReleaseDC
GetDC
CallNextHookEx

gdi32

BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA
DeleteObject

msvcrt

??3@YAXPAX@Z
malloc
atoi
wcscmp
strstr
memmove
_except_handler3
_local_unwind2
??2@YAPAXI@Z
free

gdiplus

GdipCloneImage
GdipDisposeImage
GdipFree
GdiplusStartup
GdipSaveImageToFile
GdipLoadImageFromFile
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipAlloc

wininet

InternetOpenA
InternetQueryDataAvailable
InternetConnectA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle

Exports

Exports

InstallService
jxgzof
jxgzon

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a8bbf1c3f4345e383087531059c2355

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

gdiplus

wininet

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 15KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 15KB

.reloc
Size: 2KB - Virtual size: 2KB