d2cec533469af345bab257055dd6751e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d2cec533469af345bab257055dd6751e_JaffaCakes118
Size

98KB
MD5

d2cec533469af345bab257055dd6751e
SHA1

034cc57184f028a31c9b7f7640d046cdf5e0f8f1
SHA256

01be0c9a031c200bbffa36ef0ff56835972bc4dc8803899ef763f2d6cd6d741e
SHA512

99a2351556d319ca0ebfe59540dcccadb39f926aef90e19063b2fc84b774b4ffe86e324466f045aa02bb00fdf2eed0697275fc729cb2ea0898271137a3203d4f
SSDEEP

1536:xhoWKjdwLYw5+dTZ3niNd4zokwu2MzmEhKtkGHSrS:gjdUM5niYzoZRZPHSr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2cec533469af345bab257055dd6751e_JaffaCakes118

Files

d2cec533469af345bab257055dd6751e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d5a9d9d565f3ab562d3cc6d0acc7c1cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIA

user32

GetWindowTextA
GetWindowThreadProcessId
MessageBoxA
EnumWindows
FindWindowA

kernel32

TlsSetValue
CreateFileW
GetStringTypeW
LCMapStringW
CloseHandle
VirtualFreeEx
Sleep
ResumeThread
SetThreadContext
VirtualProtect
GetLastError
GetThreadContext
SuspendThread
OpenThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
ReadProcessMemory
Process32Next
Process32First
CreateToolhelp32Snapshot
RtlUnwind
RaiseException
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
IsProcessorFeaturePresent
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
HeapAlloc
HeapSize
ExitProcess
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreateFileA
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
ReadFile
GetModuleFileNameW
HeapReAlloc
LoadLibraryW
WriteConsoleW
SetEndOfFile
GetProcessHeap

Exports

Exports

?StartInject@@YGXPBD0@Z
?StopInject@@YGXXZ

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5a9d9d565f3ab562d3cc6d0acc7c1cb

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

kernel32

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 70KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 14KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 70KB - Virtual size: 70KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 14KB

.reloc
Size: 6KB - Virtual size: 6KB