b18895c431699652e86bd4201030776c_JaffaCakes118

General

Target

b18895c431699652e86bd4201030776c_JaffaCakes118
Size

17KB
MD5

b18895c431699652e86bd4201030776c
SHA1

3bbf35a4c9b67f671c964c8b4c5ea4c0d3dce402
SHA256

9dd2ee1ae396f59ec5bd600831d5bc8f0a14cc4952a47298fe106367f8ef8ec5
SHA512

a09fce196f6d6faa6c6efa90d4b5ab2aa1776be9a4bdf90af4d1c1d2948cc8ee659f696e0ebdc3576b8a201039eeefe851b4d7abb73954a9cb661921e6d463f9
SSDEEP

192:7SliRNKEZZhrfZpfKWln23jrcdD0MUqz007hmExyyGpJXFf1M3zRL46gdxAn:4iRNHPhrfZy3jrM0MzPYEx/GXFfO33n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b18895c431699652e86bd4201030776c_JaffaCakes118

Files

b18895c431699652e86bd4201030776c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7a7822861c99ad89fc8a6f9c731eaea9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
Sleep
VirtualProtectEx
GlobalFree
ReadProcessMemory
WideCharToMultiByte
GlobalAlloc
IsBadReadPtr
GetPrivateProfileStringA
GetProcAddress
GetModuleHandleA
CreateThread
GetModuleFileNameA
GlobalLock
GetCurrentProcess

user32

CallNextHookEx
SetWindowsHookExA

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

msvcrt

_adjust_fdiv
malloc
_stricmp
_initterm
free
strrchr
??3@YAXPAX@Z
strcpy
??2@YAPAXI@Z
sprintf
strlen
strncpy
strchr
strstr
fclose
fread
fopen
memset
memcpy
strcmp

Exports

Exports

fa
fc

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 269B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

0
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a7822861c99ad89fc8a6f9c731eaea9

Headers

File Characteristics

Imports

kernel32

user32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 584B

sdt Size: 512B - Virtual size: 269B

.reloc Size: 1024B - Virtual size: 668B

0 Size: 5KB - Virtual size: 5KB

1 Size: 1KB - Virtual size: 1KB

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 584B

sdt
Size: 512B - Virtual size: 269B

.reloc
Size: 1024B - Virtual size: 668B

0
Size: 5KB - Virtual size: 5KB

1
Size: 1KB - Virtual size: 1KB