954295784e3b3ca7ce4af29804e46515_JaffaCakes118

General

Target

954295784e3b3ca7ce4af29804e46515_JaffaCakes118
Size

29KB
MD5

954295784e3b3ca7ce4af29804e46515
SHA1

49dea4060326a448e36aaf0be971bbd740de9bdf
SHA256

456c7cc2fca64b172fed96d6f74cb7da57bab1d6d07c95a8c9b7672bb8860ab2
SHA512

fbf2e770628af178d3e65da56010d1e89dbd1a8c5d0ac45434a7380f7eb8668cd54ba87dfe24b5a6bb16ec5fa3fac44e787ba9707cea984a5eb156e805a506f9
SSDEEP

768:yUin7wxSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSfJ:5inExSSSSSSSSSSSSSSSSSSSSSSSSSSj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
954295784e3b3ca7ce4af29804e46515_JaffaCakes118

Files

954295784e3b3ca7ce4af29804e46515_JaffaCakes118
.dll windows:4 windows x86 arch:x86

321e84514d217be0f95e6578223a716c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetForegroundWindow
CallNextHookEx
SetWindowsHookExA
GetWindowTextA

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

kernel32

ExitThread
TerminateThread
lstrlenA
WriteProcessMemory
GetCurrentProcess
VirtualProtect
VirtualQuery
lstrcmpiA
CloseHandle
Thread32Next
ResumeThread
SuspendThread
GetCurrentThreadId
Thread32First
CreateToolhelp32Snapshot
GetCurrentProcessId
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
LoadLibraryA
Module32Next
GetModuleHandleA
GetProcAddress
Module32First

imagehlp

ImageDirectoryEntryToData

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

_adjust_fdiv
malloc
_initterm
free
_beginthread
strcmp
wcscpy
strcpy
strlen
??3@YAXPAX@Z
sprintf
??2@YAPAXI@Z
memset
tolower
wcsstr

Exports

Exports

SetHook

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SData
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

321e84514d217be0f95e6578223a716c

Headers

File Characteristics

Imports

user32

advapi32

kernel32

imagehlp

wininet

msvcrt

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 11KB

.SData Size: 512B - Virtual size: 4B

.reloc Size: 1024B - Virtual size: 540B

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 11KB

.SData
Size: 512B - Virtual size: 4B

.reloc
Size: 1024B - Virtual size: 540B