a1b9ef685015f578d68d721ab0f0333f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a1b9ef685015f578d68d721ab0f0333f_JaffaCakes118
Size

216KB
MD5

a1b9ef685015f578d68d721ab0f0333f
SHA1

ea303410ac557495d1a0d5134786df3e4cf052c6
SHA256

1fa6f7e47c29bb8d8cc33c340a202f126c0e4356cc21ba53c30d5736257cd197
SHA512

95b2bb250a3db4b15005c8ba81afed105b92b1b701270050e92160d05ae6ee7ff4499c1df3675f0c5773449915c99696146c3f272ca9ac52e78d3e61b1526a98
SSDEEP

3072:uCZot4vTbowz3vuOiR6Y7V3Re6CXySg4NiUuj981YZZNvM1PbhLJp8164co1cvsK:betG/owKOiRn7V3Qy1Ebk16nsa1lIO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1b9ef685015f578d68d721ab0f0333f_JaffaCakes118

Files

a1b9ef685015f578d68d721ab0f0333f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9548e9b63feff649e52a75c462944d1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetIMEFileNameA

kernel32

GetTickCount
Sleep
GetCurrentProcess
GetCurrentProcessId
GetVersionExA
WinExec
CopyFileA
GetCurrentDirectoryA
GetSystemTime
OutputDebugStringW
GlobalFree
GlobalAlloc
FlushFileBuffers
SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
InterlockedIncrement
InterlockedDecrement
SetFilePointer
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentThreadId
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
HeapCreate
HeapDestroy
HeapSize
HeapReAlloc
GetTimeZoneInformation
GetLocalTime
HeapAlloc
HeapFree
CreateEventA
CreateEventW
CreateFileW
CreateFileMappingA
CreateFileMappingW
CreateMutexA
CreateMutexW
CreatePipe
CreateProcessW
CreateThread
DeleteFileW
DuplicateHandle
FormatMessageA
InterlockedExchange
GetCurrentDirectoryW
GetExitCodeThread
GetFileAttributesA
OutputDebugStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThread
SetThreadPriority
GetModuleHandleA
MultiByteToWideChar
GetFileSize
ReadFile
GetSystemDirectoryA
GetPrivateProfileStringA
DeleteFileA
CreateProcessA
WaitForSingleObject
CreateFileA
WriteFile
CloseHandle
lstrlenA
lstrcpyA
FreeEnvironmentStringsW
GetFileAttributesW
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetSystemDirectoryW
GetThreadContext
CompareStringA
GetVersionExW
IsBadReadPtr
IsBadWritePtr
LoadLibraryW
LoadLibraryExA
SetEnvironmentVariableA
CompareStringW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
WideCharToMultiByte
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenW
lstrcpyW
lstrcmpiW
lstrcmpiA
lstrcatW
WriteProcessMemory
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
UnmapViewOfFile
TerminateThread
TerminateProcess
SetLastError
SetEvent
ResumeThread
ReleaseMutex
ReadProcessMemory
OpenProcess
OpenMutexW
OpenMutexA
OpenFileMappingW
OpenFileMappingA
OpenEventW
OpenEventA
MapViewOfFile

user32

DispatchMessageA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
PeekMessageA
MessageBoxA
GetKeyboardType
CloseDesktop
SetWindowLongA
GetClientRect
GetKeyboardLayout
TranslateMessage
MapVirtualKeyA
keybd_event
GetAsyncKeyState
GetWindowTextLengthA
GetWindowTextA
GetCaretPos
SetWindowTextA
GetWindowLongA
SendMessageA
MoveWindow
GetFocus
GetSystemMetrics
PostMessageA
RegisterClassExA
CreateWindowExA
LoadImageA
UnhookWindowsHookEx
GetParent
BringWindowToTop
SetTimer
SetWindowsHookExA
CallNextHookEx
DefWindowProcA
GetWindow
GetTopWindow
RegisterWindowMessageA
SendMessageTimeoutA
GetWindowRect
mouse_event
ShowWindow
UpdateWindow
IsWindowVisible
GetForegroundWindow
FindWindowExA
GetClassNameA
KillTimer
MsgWaitForMultipleObjects

oleaut32

SysStringLen
SysAllocString
SysFreeString
VariantClear
VariantInit
SysReAllocStringLen
SysAllocStringLen

advapi32

RegQueryValueExA
GetKernelObjectSecurity
AdjustTokenPrivileges
AllocateAndInitializeSid
EqualSid
FreeSid
GetLengthSid
GetTokenInformation
InitializeSecurityDescriptor
IsValidSid
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA
RegEnumKeyA
RegSetValueExW
SetSecurityDescriptorDacl
RegOpenKeyExA
RegEnumValueA
RegCreateKeyA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

ole32

OleSetContainedObject
CoInitialize
CoUninitialize
OleCreate

wininet

InternetOpenA
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

Exports

Exports

?KeyboardProc@@YGJHIJ@Z
?installhook@@YGHXZ
TestFunction

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9548e9b63feff649e52a75c462944d1b

Headers

File Characteristics

Imports

imm32

kernel32

user32

oleaut32

advapi32

ole32

wininet

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 54KB

CODE Size: 104KB - Virtual size: 102KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 32KB

DATA Size: 4KB - Virtual size: 3KB

BSS Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 56KB - Virtual size: 54KB

CODE
Size: 104KB - Virtual size: 102KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 32KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 10KB