8c05776a1e55a9f859ec0564f81b3647_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8c05776a1e55a9f859ec0564f81b3647_JaffaCakes118
Size

48KB
MD5

8c05776a1e55a9f859ec0564f81b3647
SHA1

2d4f8f16f34f101672da4dbd6258739fdd0e677f
SHA256

7d6605f46dbf55b6832165378a6659743e0a89e014e768b1e3a565040cbc5803
SHA512

ef697ec2e0f3539c2dbf1fabb223d58fe9966af48690f2e6f5633aec72ce1c3360fe27b57ced0ac6f19e28eeab230a1885758f8d0b0d586b6933980377d956de
SSDEEP

384:sEE9zhfWs4aj7UIbd6uVsqrv5aNG4CJuVVMLfNnHfNS+J005qSdhgg+xUNnWctoD:P6zVWsJjVsOICZdJpQworTxjIgdXHn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c05776a1e55a9f859ec0564f81b3647_JaffaCakes118

Files

8c05776a1e55a9f859ec0564f81b3647_JaffaCakes118
.dll windows:4 windows x86 arch:x86

36bf04fe0eeffaebb83988aa680aebc3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext

kernel32

OutputDebugStringA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetTickCount
HeapAlloc
OpenProcess
ReadProcessMemory
VirtualQueryEx
CopyFileA
GlobalLock
GlobalFree
GlobalUnlock
GlobalHandle
GlobalAlloc
GetSystemDirectoryA
GetFileInformationByHandle
GetModuleFileNameA
WriteFile
CloseHandle
CreateFileA
DeleteFileA
GetLocalTime
GetTempPathA
ReadFile
GetFileSize
CreateThread
Sleep
CreateFileMappingA
GetCurrentProcessId
GetCurrentThreadId
LoadLibraryA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
InterlockedExchange
GetProcessHeap
HeapFree

user32

PeekMessageA
GetWindowLongA
GetWindowTextA
TranslateMessage
FindWindowExA
GetKeyState
GetFocus
DispatchMessageA
GetWindowThreadProcessId
GetForegroundWindow
SetWindowsHookExA
SetRect
ReleaseDC
CallNextHookEx
UnhookWindowsHookEx
GetDC

gdi32

GetDIBits
DeleteObject
BitBlt
GetDeviceCaps
GetObjectA
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC

avifil32

AVIFileCreateStreamA
AVIMakeCompressedStream
AVIFileOpenA
AVIFileInit
AVISaveOptionsFree
AVIFileRelease
AVIStreamRelease
AVIFileExit
AVIStreamWrite
AVIStreamSetFormat

msvfw32

ord2

msvcrt

_strlwr
localtime
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
printf
strncmp
fseek
memcmp
fopen
strstr
strcpy
memset
??3@YAXPAX@Z
time
rename
rand
srand
_mkdir
_access
sprintf
??2@YAPAXI@Z
memmove
abs
__CxxFrameHandler
strftime
_memicmp
memcpy
strcmp
strlen
strcat
vsprintf
strncpy
wcslen
strrchr
fflush
fwrite
fclose

shlwapi

SHGetValueA
SHSetValueA

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

Exports

Exports

GetDLLVer
InstallHOOK
InstallLocalHOOK
UninstallHOOK
partInit

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36bf04fe0eeffaebb83988aa680aebc3

Headers

File Characteristics

Imports

imm32

kernel32

user32

gdi32

avifil32

msvfw32

msvcrt

shlwapi

msvcp60

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 4KB

.SHARDAT Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 4KB

.SHARDAT
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB