c832cd716cbe2b9ebb7c6ed4dd038eba_JaffaCakes118

General

Target

c832cd716cbe2b9ebb7c6ed4dd038eba_JaffaCakes118
Size

10KB
MD5

c832cd716cbe2b9ebb7c6ed4dd038eba
SHA1

b54f46a7c2358f6ae9f92bf0f1a667db254561ae
SHA256

af89572a9f4b400ec42ba150cc27f30891af67443e0fcd21a8cea2e70b3c53fe
SHA512

0fd1ffcafe4b3cfba7cb808d0f6e60025aeecd98532b6ecb09a9d6f6810bb08c6e52be6e9a0e3967955f13b9c33957332c72325127d19ff0ff591c0835c81c68
SSDEEP

192:svrBt6Orpi5itGXmYoFbLfDz8n/jMcPkslsisl:MrdGXmYoFbLfDk/g6ks6i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c832cd716cbe2b9ebb7c6ed4dd038eba_JaffaCakes118

Files

c832cd716cbe2b9ebb7c6ed4dd038eba_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5d300ff097dfc6c69f830069b92dc3c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PostThreadMessageA
SetWindowsHookExA
CallNextHookEx
wsprintfA

kernel32

GetModuleHandleA
GetModuleFileNameA
GetProcAddress
lstrcmpiA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetLocalTime
WriteProcessMemory
GetCurrentProcess
VirtualProtect
VirtualQuery
CloseHandle
Thread32Next
ResumeThread
SuspendThread
GetCurrentThreadId
Thread32First
CreateToolhelp32Snapshot
GetCurrentProcessId
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
LoadLibraryA
Module32Next
Module32First
GetVersionExA

imagehlp

ImageDirectoryEntryToData

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle

msvcrt

malloc
strstr
fgets
tolower
free
_adjust_fdiv
strcpy
strlen
_initterm
wcsstr
fopen
memset
fclose
fputs
fprintf
sprintf
fwrite
wcscpy

Exports

Exports

SetHook

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SData
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 898B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d300ff097dfc6c69f830069b92dc3c6

Headers

File Characteristics

Imports

user32

kernel32

imagehlp

wininet

msvcrt

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 46KB

.SData Size: 512B - Virtual size: 12B

.reloc Size: 1024B - Virtual size: 898B

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 46KB

.SData
Size: 512B - Virtual size: 12B

.reloc
Size: 1024B - Virtual size: 898B