b8aa5c81ac34c524dd4a64e1fa73371a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8aa5c81ac34c524dd4a64e1fa73371a_JaffaCakes118
Size

36KB
MD5

b8aa5c81ac34c524dd4a64e1fa73371a
SHA1

45a58781e711d26ffd296c30bcd693893163c51d
SHA256

bdd5c40c4599e5242992ec3b83b2d2ec02726cac0f1dd0ac762563b71f689fc8
SHA512

12b9bfe8d24c922c269aa6431cb29242c51bd66cd103549569f4b6a7194bd4243b664a7faa0429dd60c904aaa77c9a40df083194444f64dfc9b661e51b885c29
SSDEEP

768:pgCYpNkV3Av6Qf1XSjH0nBBQARQkwYObE5jd8:GpCACa1CEBBQARg1bE5R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8aa5c81ac34c524dd4a64e1fa73371a_JaffaCakes118

Files

b8aa5c81ac34c524dd4a64e1fa73371a_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

49ef740865f523eebfe3ff83b2ca3142

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
HeapAlloc
GetSystemInfo
GetVersionExA
HeapCreate
lstrlenW
WriteProcessMemory
InitializeCriticalSection
MultiByteToWideChar
GetCurrentDirectoryA
ReadProcessMemory
GetProcAddress
lstrlenA
WideCharToMultiByte
lstrcatA
DebugBreak
HeapReAlloc
HeapFree
LoadLibraryA
VirtualProtect
DisableThreadLibraryCalls
GetCurrentProcess
TerminateProcess
CreateEventA
CreateThread
OpenEventA
SetEvent
CloseHandle
Sleep
GetModuleFileNameA
WaitForSingleObject
WinExec

user32

KillTimer
SetTimer
wsprintfA
CallNextHookEx
SetWindowsHookExA

advapi32

RegOpenKeyA
RegSetValueExA
RegCloseKey

oleaut32

SysStringLen
LoadRegTypeLi
SysFreeString

atl

ord23
ord21
ord15
ord18
ord57
ord32
ord16
ord58
ord30

msvcrt

memcmp
memcpy
strrchr
fclose
fread
_strlwr
fputs
fopen
strcmp
_strcmpi
_itoa
strlen
strcpy
strcat
memset

ws2_32

send

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
InternetOpenUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
calloc
free
malloc
realloc

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49ef740865f523eebfe3ff83b2ca3142

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

atl

msvcrt

ws2_32

wininet

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB