b1d6584a9ee9b0196960823a8ec846db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1d6584a9ee9b0196960823a8ec846db_JaffaCakes118
Size

153KB
MD5

b1d6584a9ee9b0196960823a8ec846db
SHA1

503ad6ebaabc79de00cbdcfba20959a817f490d0
SHA256

cc929507b3964b2b344208f3f1311cdf2b7daea86581f00402ea6a29d6d3f5c4
SHA512

61f19a4bfcf15b9e1b0393e6c7ceedbab1fe9c0230431f5575417dfa6a3908c5ed3a03f290899d0d2c168a9bdab2e115e79fe013c960ed4c8314e41b6d198ac2
SSDEEP

3072:xcOBWpg30WoHdnqxPF2cURwmtc3FA7qCueTJbs+K7o:xcOBWp80Ndnqt12eOeHMJO7o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1d6584a9ee9b0196960823a8ec846db_JaffaCakes118

Files

b1d6584a9ee9b0196960823a8ec846db_JaffaCakes118
.dll windows:4 windows x86 arch:x86

22be79356dc6a278a5c8bcad0a8f0f45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetComputerNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
Sleep
SetThreadContext
GetThreadContext
GetCurrentThread
SetUnhandledExceptionFilter
ExitProcess
CloseHandle
ReadFile
CreateFileA
GetCommandLineA
GlobalUnlock
OutputDebugStringA
CreateEventA
OpenEventA
TerminateThread
GetProcAddress
SetFilePointer
LoadLibraryA
GetCurrentProcessId
TerminateProcess
CreateThread
GetCurrentThreadId
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
DeleteFileA
WriteFile
GetFileSize
VirtualProtectEx
SetThreadPriority
VirtualAlloc
VirtualFree
WideCharToMultiByte
MultiByteToWideChar
Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
GetThreadPriority
GetWindowsDirectoryA
GetStringTypeW
GetStringTypeA
IsBadReadPtr
GlobalAlloc
GlobalLock
GetModuleHandleA
ReadProcessMemory
GlobalFree
OpenProcess
GetModuleFileNameA
RtlUnwind

user32

EnumChildWindows
GetClassNameA
IsWindowVisible
ReleaseDC
GetDC
ClientToScreen
GetClientRect
ToAscii
MapVirtualKeyA
GetKeyboardState
GetKeyState
GetForegroundWindow
IsWindowEnabled
GetAsyncKeyState
ToUnicode
wsprintfA
GetWindowTextA
FindWindowA
GetWindowThreadProcessId
GetMessageA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetInputState
PostThreadMessageA
SendMessageA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

gdi32

GetPixel

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22be79356dc6a278a5c8bcad0a8f0f45

Headers

File Characteristics

Imports

kernel32

user32

wininet

gdi32

advapi32

Sections

.text Size: 138KB - Virtual size: 138KB

sdata Size: 4KB - Virtual size: 4KB

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 138KB - Virtual size: 138KB

sdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 10KB - Virtual size: 9KB