d1153824b50054f2c5f3d96512e47f21_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d1153824b50054f2c5f3d96512e47f21_JaffaCakes118
Size

23KB
MD5

d1153824b50054f2c5f3d96512e47f21
SHA1

12e36a7b4eacb9b0cc704a669744a32a22be8e92
SHA256

b50b87a2fff52357fd664f5fc2faf0c05ab89a3baad6d0efdcab331e4a45d6a8
SHA512

a0c744d3846ea17ed7ba5908a44848e97b1bf58092feebab3173f9789e453c790186e97c602be1a12c6221d224cd049cdeab2d8e4d9c107620c89fb226320734
SSDEEP

384:vU6uAYu/vGs4aT+zrWktCO27AKEL21iPKXeWJvBzRQo6YoMM:cxC/vTFk0dvKMM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1153824b50054f2c5f3d96512e47f21_JaffaCakes118

Files

d1153824b50054f2c5f3d96512e47f21_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4014ada25aa4555e35c6f847bdbdbde5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetWindowTextA
GetForegroundWindow
GetClassNameA
EnumChildWindows
wsprintfA

kernel32

VirtualAlloc
CloseHandle
CreateDirectoryA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateThread
DeleteFileA
DeviceIoControl
ExitThread
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
GetTickCount
HeapAlloc
HeapFree
IsBadCodePtr
LoadLibraryA
MapViewOfFile
OpenProcess
RtlZeroMemory
Sleep
UnmapViewOfFile
ord5
VirtualProtectEx
_llseek
_lread
_lwrite
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
VirtualAlloc
CloseHandle
CreateDirectoryA
CreateFileA
CreateFileMappingA
CreateProcessA
CreateThread
DeleteFileA
DeviceIoControl
ExitThread
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
GetTickCount
HeapAlloc
HeapFree
IsBadCodePtr
LoadLibraryA
MapViewOfFile
OpenProcess
RtlZeroMemory
Sleep
UnmapViewOfFile
ord5
VirtualProtectEx
_llseek
_lread
_lwrite
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey

wininet

HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetQueryDataAvailable
InternetReadFile
HttpOpenRequestA

ws2_32

WSAStartup
WSACleanup
connect
gethostbyname
recv
send
socket
closesocket

urlmon

URLDownloadToFileA

Exports

Exports

DLD
tcpGDC

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4014ada25aa4555e35c6f847bdbdbde5

Headers

File Characteristics

Imports

user32

kernel32

advapi32

wininet

ws2_32

urlmon

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 133KB

.rsrc Size: 512B - Virtual size: 384B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 133KB

.rsrc
Size: 512B - Virtual size: 384B

.reloc
Size: 1KB - Virtual size: 1KB