d09ea2eed6bec53a178954837110ea3f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d09ea2eed6bec53a178954837110ea3f_JaffaCakes118
Size

40KB
MD5

d09ea2eed6bec53a178954837110ea3f
SHA1

955f855b64c04883b9b965987c8ea682cb803658
SHA256

1ccadd60e003197dd283081b1b9f465d299ed4dcf9988e85a3c11ec8d6108888
SHA512

2a0f03376fab969f326791b02ccf3f21e3fa636d079eb4c3bd6e34122efe41973dac99cbd00597cdb04869c9abaf80a74e4b8f6178685e398358b3570b38e545
SSDEEP

384:l71YeQBvY3tlWtnrwVToPZWZLwGHxtomlUBGGamoBDpoyiYeOsRFuGR0kh9o/GAu:l7GeQBA+trwVTQgeafpo0RsRF76Mo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d09ea2eed6bec53a178954837110ea3f_JaffaCakes118

Files

d09ea2eed6bec53a178954837110ea3f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d4aa383aa761bf6e8d87b3d21d2bcabd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
VirtualQuery
WriteProcessMemory
GetCurrentProcess
lstrcmpiA
LoadLibraryA
GetSystemInfo
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameA
SetLastError
LoadLibraryW
GetModuleHandleA
RtlUnwind
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapSize
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

SetWindowsHookExA
CallNextHookEx
FindWindowA
FindWindowExA
SendMessageA
UnhookWindowsHookEx

imagehlp

ImageDirectoryEntryToData

Exports

Exports

Install
UnInstall

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.csnslk
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4aa383aa761bf6e8d87b3d21d2bcabd

Headers

File Characteristics

Imports

kernel32

user32

imagehlp

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

.csnslk Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.csnslk
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 3KB