8d09bf84b28fffb25627a238a321aa9c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d09bf84b28fffb25627a238a321aa9c_JaffaCakes118
Size

20KB
MD5

8d09bf84b28fffb25627a238a321aa9c
SHA1

4c18d2d1ccb9fcb30ce8ce22079cb6812d42b34e
SHA256

da876260337ee1e110d24a543985e17d71945051dd105e4d4dc7b9ed7b3fa2f0
SHA512

7535694ffa2b77d7996bf6737eff5b751d73c5053ce3ae9d30ddb0e564cac7a4d64a89a0f8f01092c7a992491b53f0e5657535c96860f07086ebac3a8afcf046
SSDEEP

384:3b3/H0d+T32qeNRdZgfrAfDXJ2z+9tHL0fC6yXCcL4nTuh2qiPlLBbwjKUd:Lv++TGqedFfDXe+9tH6W4nTuh2qiP/Cn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d09bf84b28fffb25627a238a321aa9c_JaffaCakes118

Files

8d09bf84b28fffb25627a238a321aa9c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4b96b7b08b48f2861d873bd7d50a6a43

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
Thread32First
CreateToolhelp32Snapshot
GetCurrentProcessId
Sleep
GetPrivateProfileStringA
ExitProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
GetPrivateProfileIntA
InitializeCriticalSection
VirtualProtectEx
IsBadReadPtr
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryA
OpenThread
ReadProcessMemory
SetThreadContext
SetUnhandledExceptionFilter
Process32Next
Process32First
GetSystemDirectoryA
VirtualAlloc
WritePrivateProfileStringA
GetLastError
CreateMutexA
WriteProcessMemory
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
DeleteFileA
GetModuleFileNameA
GetCurrentProcess
GetCurrentThreadId
CreateProcessA
GetThreadPriority
TerminateThread
GetModuleHandleA
Thread32Next

user32

GetForegroundWindow
GetClassNameA
GetWindowTextA
GetWindowThreadProcessId
TranslateMessage
CallNextHookEx
SetWindowsHookExA
GetMessageA
FindWindowA
DispatchMessageA
UnhookWindowsHookEx
GetWindow
SendMessageA
GetDesktopWindow

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

shlwapi

PathFileExistsA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

_adjust_fdiv
malloc
_initterm
free
strrchr
fread
strcat
??2@YAPAXI@Z
memset
strstr
_strlwr
_stricmp
wcslen
strcmp
memcpy
sprintf
strcpy
strlen
fopen
fclose

Exports

Exports

Init

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdt
Size: 512B - Virtual size: 281B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b96b7b08b48f2861d873bd7d50a6a43

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

msvcrt

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 2KB

.sdt Size: 512B - Virtual size: 281B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 2KB

.sdt
Size: 512B - Virtual size: 281B

.reloc
Size: 2KB - Virtual size: 1KB