b464920b066e015865189a765a0c4863_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b464920b066e015865189a765a0c4863_JaffaCakes118
Size

28KB
MD5

b464920b066e015865189a765a0c4863
SHA1

b95450ed2399fbd8afc45185a9cd08292285fe21
SHA256

92672f65abe7227f7832d14103b5ee9035f759887a66f31c5e8b524dbc292657
SHA512

bb485c684b8e3298ce50ad3b1d8cacbe37ca9f11f1772a317ef59c8f531135d106a63f440f0b1f7fd1d71cf6f0984272126159a9357d781ffbd4e1f46eba417a
SSDEEP

768:TgEgjxGW7ZO1rVhzdD6TDDXDLFo8zIIm:TgEHKZO1dCu8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b464920b066e015865189a765a0c4863_JaffaCakes118

Files

b464920b066e015865189a765a0c4863_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6945fda510df900744221740197c3da6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileStringA
GetModuleHandleA
CreateMutexA
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetTickCount
VirtualProtectEx
InitializeCriticalSection
CreateRemoteThread
GetProcAddress
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
OpenProcess
ResumeThread
TerminateProcess
GetModuleFileNameA
GetCurrentProcess
GetCommandLineA
WritePrivateProfileStringA
SetEvent
WriteFile
VirtualFree
ExitProcess
GetCurrentThreadId
SetUnhandledExceptionFilter
Thread32Next
SetThreadContext
OpenThread
Thread32First
CreateToolhelp32Snapshot
VirtualProtect
WideCharToMultiByte
LoadLibraryA
IsBadReadPtr
TerminateThread
CreateThread
CreateEventA
GetLastError
WaitForSingleObject
ResetEvent
CreateFileA
ReadFile
CloseHandle
Sleep
DeleteFileA
VirtualAlloc
GetTempPathA

user32

CallNextHookEx
GetWindowThreadProcessId
FindWindowA
UnhookWindowsHookEx
SetWindowsHookExA
GetForegroundWindow
GetWindowTextA

wininet

InternetCloseHandle
InternetReadFile

shlwapi

PathFileExistsA

msvcrt

_initterm
malloc
_adjust_fdiv
_strupr
_stricmp
_strlwr
_wcslwr
free
fopen
fread
fclose
wcslen
strcat
??2@YAPAXI@Z
memcpy
strrchr
memset
strlen
atoi
sprintf
strcpy
rand
srand
wcsstr
strstr
strncpy
strcmp

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdt
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6945fda510df900744221740197c3da6

Headers

File Characteristics

Imports

kernel32

user32

wininet

shlwapi

msvcrt

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 3KB

sdt Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 3KB

sdt
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 2KB