dfa27eba9fcf398d768e8074b894fb20_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dfa27eba9fcf398d768e8074b894fb20_JaffaCakes118
Size

28KB
MD5

dfa27eba9fcf398d768e8074b894fb20
SHA1

aee1a4132cd962304c07756e2488ac5ad631d530
SHA256

b468c6de8dc4652ff48e47f2ecce8931ff917f4359f824395dde65f3b41425d7
SHA512

ef12be1a3f5dfcd7839a46dd166eb79953b40262c3835444d802d7cb07f6c8bc6e61c32b5ffa71c1fb046ce21c2136159a27026feb3793f1b9e89a073dd72ddb
SSDEEP

192:o1zvzivn3iPxGVQWT3cdNigpdqjFXLp3vRHjRujLtOj:o1vivn3UxGVQQ3wiycFXLp3vRW6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfa27eba9fcf398d768e8074b894fb20_JaffaCakes118

Files

dfa27eba9fcf398d768e8074b894fb20_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2e33ebfca7b2aa88aa3667502f084472

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
DisableThreadLibraryCalls
FreeLibraryAndExitThread
CloseHandle
TerminateThread
WaitForSingleObject
CreateEventA
GetProcAddress
ExitProcess
ReadFile
GetFileSize
CreateFileA
WriteFile
SetFilePointer
GetLocalTime
IsDBCSLeadByte
DeleteFileA
Process32First
CreateToolhelp32Snapshot
OpenProcess
CreateProcessA
GetStartupInfoA
WaitForMultipleObjects
VirtualFreeEx
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenW
MultiByteToWideChar
GetLastError
GetCurrentProcess
CreateThread
lstrlenA
lstrcmpA
lstrcpyA
FreeLibrary
GetSystemDirectoryA
Process32Next
LoadLibraryA

user32

CallNextHookEx
wsprintfA
CloseWindowStation
CloseDesktop
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
WaitForInputIdle
CharUpperA
GetFocus
SetThreadDesktop
SetWindowsHookExA
UnhookWindowsHookEx
GetActiveWindow
GetWindowTextA

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

wininet

HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetSetOptionA
InternetReadFile

imm32

ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext

msvcrt

strstr
strlen
_EH_prolog
__CxxFrameHandler
memcpy
strchr
??2@YAPAXI@Z
??3@YAXPAX@Z
free
_initterm
malloc
memset
_adjust_fdiv
_except_handler3

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 802B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e33ebfca7b2aa88aa3667502f084472

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

imm32

msvcrt

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

Shared Size: 4KB - Virtual size: 312B

.reloc Size: 4KB - Virtual size: 802B

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

Shared
Size: 4KB - Virtual size: 312B

.reloc
Size: 4KB - Virtual size: 802B