a3711e8331f01a8ccf7a0bc88ea75196_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3711e8331f01a8ccf7a0bc88ea75196_JaffaCakes118
Size

29KB
MD5

a3711e8331f01a8ccf7a0bc88ea75196
SHA1

7af8f15cba89a4daed2b02893c59e8b318353d53
SHA256

2c3ac116347acbe1895b80ee3a6ff8e710451079d481db0ce48c43dec5ab82c0
SHA512

ae9f9b634e6233e1ea33c47dd4ba80bf251d29ba2bfddd555696909bccfa1713af2a8f06e4646b9a3e080cd34aa89c099927134e86277d54bfdb23d8acbf9a1a
SSDEEP

768:mA3XtyxBY1bu18L39apBKAxOBV3yYbu+Nn:mA3XcIJs8L39FMWS+Nn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3711e8331f01a8ccf7a0bc88ea75196_JaffaCakes118

Files

a3711e8331f01a8ccf7a0bc88ea75196_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9d26341f120c370b26bc2774c5bb524a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
GetModuleHandleA
VirtualAlloc
IsBadReadPtr
CreateThread
CopyFileA
GetPrivateProfileStringA
FreeLibrary
Process32First
LoadLibraryA
GetSystemDirectoryA
SetFilePointer
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetLastError
CreateMutexA
Process32Next
GetTempPathA
GlobalAlloc
GlobalLock
WriteFile
GlobalUnlock
GlobalFree
MultiByteToWideChar
DeleteFileA
lstrcpynA
CreateFileA
ReadFile
CloseHandle
GetTickCount
lstrlenA
lstrcmpiA
lstrcatA
lstrcpyA
lstrcmpA
Sleep
ExitProcess
VirtualProtect
GetProcAddress
OutputDebugStringA

user32

SetWindowsHookExA
CallNextHookEx
GetForegroundWindow
GetClassNameA
EnumWindows
GetSystemMetrics
GetWindowTextA
IsIconic
GetActiveWindow
UnhookWindowsHookEx
ReleaseDC
GetDC
IsRectEmpty
GetWindowThreadProcessId
FindWindowExA
FindWindowA
PrintWindow
GetWindowInfo
SetForegroundWindow
ShowWindow
PostThreadMessageA

gdi32

CreateCompatibleDC
RealizePalette
CreateCompatibleBitmap
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA
DeleteObject
BitBlt
SelectObject
GetDIBits

wininet

HttpSendRequestA
InternetQueryDataAvailable
HttpOpenRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
InternetConnectA

gdiplus

GdipDisposeImage
GdipFree
GdiplusStartup
GdipAlloc
GdipLoadImageFromFile
GdipSaveImageToFile
GdiplusShutdown
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCloneImage

netapi32

Netbios

msvcrt

free
malloc
atoi
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
strstr
memmove
strchr

Exports

Exports

Hookoff
Hookon
InstallService
KsCreateAllocator
KsCreateClock
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d26341f120c370b26bc2774c5bb524a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

wininet

gdiplus

netapi32

msvcrt

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 21KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 21KB

.reloc
Size: 2KB - Virtual size: 2KB