a295786bc7cc9753624534fe8dd92f82_JaffaCakes118

General

Target

a295786bc7cc9753624534fe8dd92f82_JaffaCakes118
Size

24KB
MD5

a295786bc7cc9753624534fe8dd92f82
SHA1

b9eca882b9eee1924f1e07d80943db65579b9c63
SHA256

7906b0867131a11402fd67e8668c7a9648c7aedb6087204554f9cd2e5f5d8558
SHA512

104c5823ff271887c68064b81fd819db26b33f2d3e0b77b8883f4cf2e3df909deaad6093a61da166236482ef779a70231db6f3c502feaf88c2eaabc76150e76f
SSDEEP

192:wxvtfKzIwWM7/sJwc9JHYChsmCu4JY1Ng1Vm3W3xPl44Yt0aPQ:w1tfKzhW6/syW2VJ2VG3xDYdP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a295786bc7cc9753624534fe8dd92f82_JaffaCakes118

Files

a295786bc7cc9753624534fe8dd92f82_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9c2274bd0e4bb672c65bd6882ffe520d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3127
ord3616
ord3663
ord6385
ord5442
ord1979
ord5651
ord5186
ord350
ord354
ord825
ord923
ord924
ord939
ord922
ord858
ord4129
ord941
ord940
ord2818
ord535
ord860
ord800
ord6877
ord537
ord540
ord665

msvcrt

_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_mbscmp
strstr
__CxxFrameHandler
_strupr

kernel32

GetSystemDirectoryA
GetModuleFileNameA
CreateThread
CloseHandle
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetTickCount
GetCurrentThreadId
GetVersionExA
GetComputerNameA
Sleep

user32

TranslateMessage
PeekMessageA
UnhookWindowsHookEx
DispatchMessageA
GetFocus
AttachThreadInput
CallNextHookEx
GetForegroundWindow
GetWindowThreadProcessId
FindWindowExA
SendMessageA
GetWindowTextA
IsWindowVisible
SetWindowsHookExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

psapi

GetModuleFileNameExA

shlwapi

PathFileExistsA

ws2_32

closesocket
send
connect
htons
socket
gethostbyname
WSAStartup
recv

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c2274bd0e4bb672c65bd6882ffe520d

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

shell32

psapi

shlwapi

ws2_32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 8KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 8KB

.reloc
Size: 4KB - Virtual size: 1KB