ade69012c36f4d272716464bc105207c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ade69012c36f4d272716464bc105207c_JaffaCakes118
Size

48KB
MD5

ade69012c36f4d272716464bc105207c
SHA1

5d8ce65145f0bde31fbc82f4ae2430845396a05c
SHA256

d7224777b5ac61844585f254624476da7c48b9ee157cc694b6d00f60e2531df5
SHA512

a241ad16a5506a7f8929c18fa90b2dcd7494977c722198a57f3ead9859f29cc9aa2ae110278b48dbd1b1d12c7fe259e79bfa22b9cb9f1ff52d90a66bae17e344
SSDEEP

768:c4/Vk9yEpxxWcqWMsXtLSa8wk+ZzsCSnIPq0sML:c4/+9yWxx9qWMsXtLt8/+Z53S0sML

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ade69012c36f4d272716464bc105207c_JaffaCakes118

Files

ade69012c36f4d272716464bc105207c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0f466f86c778cabfc7a656db2f415334

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetProcAddress
WriteProcessMemory
GetCurrentProcess
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
GetModuleHandleA
GetSystemInfo
lstrlenA
VirtualQuery
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
lstrcmpiA
GetCurrentThreadId
TlsSetValue
GetCommandLineA
GetVersionExA
HeapReAlloc
HeapAlloc
ExitProcess
TerminateProcess
HeapSize
TlsFree
SetLastError
TlsGetValue
GetLastError
TlsAlloc
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

user32

UnhookWindowsHookEx
SetWindowsHookExA
GetActiveWindow
GetForegroundWindow
SendMessageA
CallNextHookEx

imagehlp

ImageDirectoryEntryToData

Exports

Exports

GetLastTickCount
Load
RemoveHook
SetHook
SetOpt

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f466f86c778cabfc7a656db2f415334

Headers

File Characteristics

Imports

kernel32

user32

imagehlp

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 4KB

.shared Size: 4KB - Virtual size: 36B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.shared
Size: 4KB - Virtual size: 36B

.reloc
Size: 4KB - Virtual size: 3KB