bad1717e5bf58f97d073c41787c8564e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bad1717e5bf58f97d073c41787c8564e_JaffaCakes118
Size

14KB
MD5

bad1717e5bf58f97d073c41787c8564e
SHA1

a80df26065572cb371e9a2dbe944eef5ef8d4697
SHA256

e3995a3942241ee49f973bf65381fa174d7e251b4de466080a7f623bc786963c
SHA512

5758780f58436647d423744606dbe129748acf6cb354314eed80af32351d77b482b55a56df36ff50126693509818e1f1c2e52dbfe1c3900ec1b1ae1650db7809
SSDEEP

192:si9JuGJQT1UejKXMRjsj7T1hW6fiAwdbgA2:si9OTeeYb1hml

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bad1717e5bf58f97d073c41787c8564e_JaffaCakes118

Files

bad1717e5bf58f97d073c41787c8564e_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e248ba88e73adc9a4ad7082d8fa05850

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
ToAscii
SetWindowsHookExA
SendMessageA
OpenClipboard
GetWindowTextA
GetKeyboardState
GetForegroundWindow
GetClipboardData
GetClassNameA
FindWindowExA
CloseClipboard
CallNextHookEx
wsprintfA

kernel32

ReadProcessMemory
GlobalUnlock
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteProcessMemory
WriteFile
WinExec
SystemTimeToFileTime
CloseHandle
CompareStringA
CreateDirectoryA
CreateFileA
CreateThread
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
GetCurrentProcess
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemTime
GetTickCount
GetVolumeInformationA
GlobalAlloc
GlobalFree
GlobalLock
ReadFile
LocalAlloc
LocalFree
SetFilePointer

advapi32

GetUserNameA

wsock32

inet_ntoa
socket
inet_addr
htons
gethostbyname
send
recv
closesocket
WSAStartup
connect

wininet

FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
DeleteUrlCacheEntryA
InternetGetConnectedState

urlmon

URLDownloadToFileA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 78KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e248ba88e73adc9a4ad7082d8fa05850

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wsock32

wininet

urlmon

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 5KB

.bss Size: - Virtual size: 78KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 5KB - Virtual size: 5KB

.bss
Size: - Virtual size: 78KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1KB - Virtual size: 1KB