d432a148e7040ff6d88d8f2ec89a7c61_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d432a148e7040ff6d88d8f2ec89a7c61_JaffaCakes118
Size

188KB
MD5

d432a148e7040ff6d88d8f2ec89a7c61
SHA1

033efcbcdca8f261e16da9381a8eeac39db4118f
SHA256

fcb2d7d84b4f43bac9b8938b782640c54ed16ad69cfe40b3d3c41c7b36153798
SHA512

656444295642b9bda4278511fe174aa2ad39ed28e5557fb5a3d48712fa3ffcf4558c49026cc99b1e2ac7a334a7dced63aa3ae8d1ef412b65c1015fb97d6af8cd
SSDEEP

768:uVFeF7KyvKES7de63HSwBxFZ+vBPvcsItDSZUQ:F2y213HFHF8BcjIn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d432a148e7040ff6d88d8f2ec89a7c61_JaffaCakes118

Files

d432a148e7040ff6d88d8f2ec89a7c61_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c15825aeaadaa4965e0c80ca66cccf6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
LoadLibraryExA
VirtualProtect
CreateToolhelp32Snapshot
Module32Next
CloseHandle
GetCurrentProcessId
WriteProcessMemory
CreateFileA
SetFilePointer
GetSystemInfo
WriteFile
Sleep
GetSystemDirectoryA
CreateThread
GetLocaleInfoA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LoadLibraryA
GetProcAddress
lstrcmpiA
Module32First
LoadLibraryW
GetCurrentProcess
LoadLibraryExW
VirtualQuery
GetCommandLineA
GetVersionExA
HeapReAlloc
HeapAlloc
ExitProcess
TerminateProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
DisableThreadLibraryCalls
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
SetStdHandle
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
RtlUnwind

user32

wsprintfA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

imagehlp

ImageDirectoryEntryToData

Exports

Exports

_Prog_HookAllApps@12

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xShared
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c15825aeaadaa4965e0c80ca66cccf6d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

imagehlp

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 7KB

xShared Size: 140KB - Virtual size: 136KB

Shared Size: 4KB - Virtual size: 9B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 7KB

xShared
Size: 140KB - Virtual size: 136KB

Shared
Size: 4KB - Virtual size: 9B

.reloc
Size: 4KB - Virtual size: 2KB