dde215945d217d8c97dcc498f43cfa86_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dde215945d217d8c97dcc498f43cfa86_JaffaCakes118
Size

233KB
MD5

dde215945d217d8c97dcc498f43cfa86
SHA1

a32affff01428f07f494376c4c0a21076f02957f
SHA256

049a52606764d384ae6da25670f5a21a26303b7b2d038f950c789f8de79078b4
SHA512

aeacd703110b1e9bb2e63f91fe4d1970038c9f559be15ca9187254381766f4e7df6ba7a3de25a2af14a02dd547c58851310cb3b987fc2e1de7436db6e1900671
SSDEEP

3072:N2OYKNHUVB9x4L4ycTYWoclmax0JyM0PxBCB/UUDM9uD+xwml5tFB:oOYOHqcL4ycTYZclmU04zP/0/UUMu4F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dde215945d217d8c97dcc498f43cfa86_JaffaCakes118

Files

dde215945d217d8c97dcc498f43cfa86_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b276fef773b48cafa187b38b74587762

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\keyloger\KeyLog\keytest1\keytest\taskmng.pdb

Imports

kernel32

FileTimeToLocalFileTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
FormatMessageA
MultiByteToWideChar
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
CreateFileA
SetThreadPriority
GetCurrentThreadId
SetEvent
FileTimeToSystemTime
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalFree
GetVersionExA
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
InterlockedDecrement
GetCurrentProcessId
lstrcmpA
GlobalFlags
GetFileAttributesA
GetFileSizeEx
GetFileTime
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetModuleHandleW
InterlockedIncrement
GetLocaleInfoA
GetCPInfo
GetOEMCP
HeapFree
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLocalTime
GetTimeZoneInformation
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
HeapReAlloc
ExitThread
CreateThread
VirtualAlloc
HeapSize
SetStdHandle
GetFileType
HeapCreate
VirtualFree
GetStdHandle
SetHandleCount
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
lstrlenA
ResumeThread
CloseHandle
SetLastError
GetLastError
CreateProcessA
GetExitCodeProcess
CreateEventA
WaitForSingleObject
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
FreeLibrary
DeleteFileA
GetModuleHandleA
GetModuleFileNameA
LockResource
MoveFileA
GetCompressedFileSizeA
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceA
SuspendThread
GetComputerNameA

user32

LoadIconA
RegisterWindowMessageA
IsWindowEnabled
GetWindowThreadProcessId
SetWindowTextA
ShowWindow
ClientToScreen
GetSysColorBrush
ReleaseDC
GetDC
LoadCursorA
DestroyMenu
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowRect
GetWindow
WinHelpA
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetActiveWindow
IsWindowVisible
PeekMessageA
GetCursorPos
ValidateRect
CharUpperA
GetSystemMetrics
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetLastActivePopup
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
EnableWindow
SetForegroundWindow
GetClientRect
PostMessageA
MessageBoxA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
GetWindowPlacement
GetMenu
GetWindowLongA
SetWindowLongA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
SetTimer
PostThreadMessageA
KillTimer
GetMessageA
GetClassNameA
RegisterClassExA
PostQuitMessage
CallNextHookEx
SendMessageA
TranslateMessage
SetWindowPos
SystemParametersInfoA
GetForegroundWindow
GetWindowTextA
CreateWindowExA
DefWindowProcA
SetWindowsHookExA
EnumChildWindows
DispatchMessageA
UnhookWindowsHookEx
GetKeyState
GetAsyncKeyState
GetKeyboardLayoutNameA
IsIconic
CallWindowProcA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shlwapi

PathIsUNCA
PathFindFileNameA
PathStripToRootA

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestExA
HttpEndRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetQueryDataAvailable
HttpAddRequestHeadersA

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

SetMapMode
SaveDC
ExtTextOutA
DeleteObject
SetBkColor
RestoreDC
SetTextColor
GetClipBox
CreateBitmap
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetDeviceCaps

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

comdlg32

GetFileTitleA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b276fef773b48cafa187b38b74587762

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shlwapi

wininet

oleacc

gdi32

winspool.drv

comdlg32

oleaut32

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 9KB - Virtual size: 26KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 9KB - Virtual size: 26KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 31KB - Virtual size: 31KB