d579c7a00d0bb528b08ff71d2b378f1e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d579c7a00d0bb528b08ff71d2b378f1e_JaffaCakes118
Size

164KB
MD5

d579c7a00d0bb528b08ff71d2b378f1e
SHA1

8ad42ca43985f705f3df2fc9ce948fe715b5436e
SHA256

89174ce34b97a456316720d3d0c4f795c5a392f8ed7134be314c522a4552c14c
SHA512

ec10021c387c286c4a79222904328ed46f410b19350e622098151245453a8fdfba59c129a5f3182ad86f2ed6ff252f2d78f45fc3b279002b914497ce0f66a9c3
SSDEEP

3072:Kc0W+mQag0uapSlOtbJnVyS7xDGvhTW10FAdFnCmSDbs12M1:Kc0WAa2a8lOthgS7xYB3OdBCmSDW2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d579c7a00d0bb528b08ff71d2b378f1e_JaffaCakes118

Files

d579c7a00d0bb528b08ff71d2b378f1e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

438c6180232b02a30b9d32fbfe8e5818

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
OpenEventA
Sleep
CreateThread
GetCurrentProcess
GetComputerNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
ExitProcess
ReadFile
CreateFileA
GetCommandLineA
GlobalUnlock
OutputDebugStringA
GetLocalTime
GetProcAddress
GetCurrentThreadId
WritePrivateProfileStringA
GetSystemDirectoryA
TerminateThread
CloseHandle
TerminateProcess
OpenProcess
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
DeleteFileA
WriteFile
GetFileSize
VirtualProtectEx
SetThreadPriority
VirtualAlloc
VirtualFree
WideCharToMultiByte
MultiByteToWideChar
Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
GetThreadPriority
GetWindowsDirectoryA
GetStringTypeW
GetStringTypeA
IsBadReadPtr
GlobalAlloc
GlobalLock
GetModuleHandleA
ReadProcessMemory
GlobalFree
GetCurrentProcessId
GetModuleFileNameA
RtlUnwind

user32

GetWindowThreadProcessId
GetMessageA
PostThreadMessageA
GetInputState
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
ReleaseDC
GetDC
ToAscii
MapVirtualKeyA
GetKeyboardState
GetKeyState
GetAsyncKeyState
ToUnicode
wsprintfA
GetWindowTextA
FindWindowA
EnumChildWindows
SendMessageA
IsWindowEnabled
GetClassNameA
GetClientRect
ClientToScreen
GetForegroundWindow
IsWindowVisible

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

gdi32

GetPixel

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

Sections

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

438c6180232b02a30b9d32fbfe8e5818

Headers

File Characteristics

Imports

kernel32

user32

wininet

gdi32

advapi32

Sections

.text Size: 148KB - Virtual size: 148KB

sdata Size: 4KB - Virtual size: 4KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 148KB - Virtual size: 148KB

sdata
Size: 4KB - Virtual size: 4KB

.reloc
Size: 11KB - Virtual size: 10KB