b79bc0294494060ccecefb5658aa75a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b79bc0294494060ccecefb5658aa75a9_JaffaCakes118
Size

1.5MB
MD5

b79bc0294494060ccecefb5658aa75a9
SHA1

835f8728922867e5a5f574d7c71e1e360efa8d88
SHA256

1908ce6ff426626613e214e94d2f3bd67ea1fb91522581763e15adb0fd453b6d
SHA512

e6c247a6fe4e6ac084f93f54f45d6cbe13bb3fcc0b79c5c3fb1040354267bad461218c83508d76fa22b2df1fe111532b0b8e0d02521b538ef9a58883958732f4
SSDEEP

24576:bKpjEz554FO5dtUDXT6JTbZUVJm/Tn2+6KCuQwqtARm+LPggXrrKS2R:bVz554FOlUDmVLT2byQwKARBPl7rd2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b79bc0294494060ccecefb5658aa75a9_JaffaCakes118

Files

b79bc0294494060ccecefb5658aa75a9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e21b5add7e7d1257edfa392c60c02723

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType
MessageBoxA

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

ole32

CoTaskMemFree

comctl32

ImageList_SetIconSize

comdlg32

GetSaveFileNameW

winmm

PlaySoundA

wsock32

WSACleanup

Exports

Exports

endhook
sethook

Sections

CODE
Size: - Virtual size: 804KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 264KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SOS0
Size: - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SOS1
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SOS2
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e21b5add7e7d1257edfa392c60c02723

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

comdlg32

winmm

wsock32

Exports

Exports

Sections

CODE Size: - Virtual size: 804KB

DATA Size: - Virtual size: 6KB

BSS Size: - Virtual size: 264KB

.idata Size: - Virtual size: 11KB

.edata Size: - Virtual size: 88B

.SOS0 Size: - Virtual size: 59KB

.rsrc Size: 5KB - Virtual size: 65KB

.SOS1 Size: - Virtual size: 1.0MB

.SOS2 Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 512B - Virtual size: 136B

CODE
Size: - Virtual size: 804KB

DATA
Size: - Virtual size: 6KB

BSS
Size: - Virtual size: 264KB

.idata
Size: - Virtual size: 11KB

.edata
Size: - Virtual size: 88B

.SOS0
Size: - Virtual size: 59KB

.rsrc
Size: 5KB - Virtual size: 65KB

.SOS1
Size: - Virtual size: 1.0MB

.SOS2
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 512B - Virtual size: 136B