8ed5b3bcd3eb42fe78827fe9e1643ec6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8ed5b3bcd3eb42fe78827fe9e1643ec6_JaffaCakes118
Size

17KB
MD5

8ed5b3bcd3eb42fe78827fe9e1643ec6
SHA1

f3f10f2b7b4630973c944faf3762b523b49367b9
SHA256

3afe661891b233a520ed9b7931ab98be4f413cd32b64d963e76b954fe3f49450
SHA512

21a4d259cba11b4aa9b09244c1a06b9ddc76868d0bcfbb22f52117033992d0b579b0c9ff06a11db27f08b7a795fca803dcc41f8c2e99e063ae3dc663aebb58de
SSDEEP

384:OcosO8P5TnLpcH/r6/6glxAHdAHxygVceSVTB:yQTnL4uCglx+IyGc7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ed5b3bcd3eb42fe78827fe9e1643ec6_JaffaCakes118

Files

8ed5b3bcd3eb42fe78827fe9e1643ec6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9e0925bb331594b8537553d1b59da10b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
free
strncmp
memcpy
strchr
rand
fopen
fseek
fread
fclose
strrchr
malloc
_strlwr
_getpid
_stricmp
wcscmp
strstr
__CxxFrameHandler
abs
strlen
atoi
sprintf
_beginthreadex
??2@YAPAXI@Z
memset
strcat
??3@YAXPAX@Z
strcpy
strcmp

kernel32

WaitForSingleObject
GetFileSize
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
GlobalAlloc
GlobalLock
CreateFileA
WriteFile
GlobalUnlock
GlobalFree
LoadLibraryA
GetProcAddress
GetPrivateProfileStringA
GetCurrentDirectoryA
CreateThread
CloseHandle
OutputDebugStringA
DeleteFileA
MultiByteToWideChar
GetSystemDirectoryA
Sleep

user32

GetDesktopWindow
SetWindowLongA
RegisterWindowMessageA
DeregisterShellHookWindow
GetClientRect
GetDC
CallWindowProcA
GetClassNameA
GetWindowTextA
ReleaseDC
GetWindowRect
RegisterShellHookWindow
GetParent
GetWindowThreadProcessId
EnumWindows

ws2_32

WSACleanup
send
recv
socket
inet_addr
htons
connect
gethostbyname
closesocket
inet_ntoa
WSAStartup

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA

gdiplus

GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFree
GdipAlloc
GdipCloneImage
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFile

Exports

Exports

KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e0925bb331594b8537553d1b59da10b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

wininet

gdi32

gdiplus

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 1KB