a6d74268398485b656372c21f6600f02_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a6d74268398485b656372c21f6600f02_JaffaCakes118
Size

48KB
MD5

a6d74268398485b656372c21f6600f02
SHA1

ff12decb0a83058763ff4b67765a5e4a5d5eb1d2
SHA256

514f75adf3aaeaa8a3c5bd1e89999ce6134c4f9ab987ed632dadcd560b9d06d6
SHA512

d4fef8fb091e75540eb31cd1fff8b34a72b3474038e8cb0cbc93f25009d2dcd2f76e353d5c0e7340506a0c0dcba77c3a56e140ca64a79f9c8fd2ec2b8ee7ba72
SSDEEP

768:UgNTTYaHr3BH7zX7f5aWRgHt6hLP2FXwJ3XuuzwJ:UgxXlaWmHtsP26Hu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6d74268398485b656372c21f6600f02_JaffaCakes118

Files

a6d74268398485b656372c21f6600f02_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e749f02f61adb07a7785dd798383b7a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

user32

MapVirtualKeyA
GetActiveWindow
GetWindowTextA
GetKeyNameTextA
GetAsyncKeyState
GetKeyboardState
ToAscii
CallNextHookEx
SetWindowsHookExA
GetMessageA
DispatchMessageA
TranslateMessage
UnhookWindowsHookEx
CharToOemA
wsprintfA
IsCharAlphaNumericA

oleaut32

GetErrorInfo

msvcrt

_snprintf
localtime
_strnicmp
_purecall
??3@YAXPAX@Z
_CxxThrowException
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
fopen
fwrite
fclose
time
difftime
_stricmp
realloc
free
strrchr
__CxxFrameHandler
strstr
strncpy
sprintf
atoi
??2@YAPAXI@Z

kernel32

GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetWindowsDirectoryA
GetVersion
GetVolumeInformationA
CreateProcessA
SetFilePointer
WriteFile
DeleteFileA
GetComputerNameA
GetTickCount
CreateFileMappingA
MapViewOfFile
OpenProcess
Sleep
GetModuleFileNameA
CreateMutexA
GetLastError
CreateThread
TerminateThread
GetVersionExA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateFileA
GetFileSize
ReadFile
CloseHandle
LoadLibraryA
GetProcAddress
LocalFree
FreeLibrary
lstrlenA
lstrcmpA
lstrcpynA
lstrcpyA
lstrcatA
GetProcessHeap
HeapAlloc
HeapSize
HeapReAlloc
HeapFree

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

idata
Size: 4KB - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e749f02f61adb07a7785dd798383b7a4

Headers

File Characteristics

Imports

wininet

advapi32

user32

oleaut32

msvcrt

kernel32

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 44KB

idata Size: 4KB - Virtual size: 268B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 44KB

idata
Size: 4KB - Virtual size: 268B

.reloc
Size: 4KB - Virtual size: 2KB