e0c79d4ae2e22e4a4a3da257342d51c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e0c79d4ae2e22e4a4a3da257342d51c8_JaffaCakes118
Size

130KB
MD5

e0c79d4ae2e22e4a4a3da257342d51c8
SHA1

2eaa063f3083191a6b46d10923f0b5114d47f617
SHA256

c48a88252df495c6c3b55f26ec429e9bb225b7b187a678691d981b6b20384569
SHA512

2d45b958e44c1b7656aa7e20112825ac4071f6ca94525256e016d663a2e3ce4c29b7ca50a0fda88aed930b0910b608373c84b0e88b0c5e84fc3625ca4f238e89
SSDEEP

768:XrCejNmBhsTZpMLGuKTD46laDmIb44H8Xhy+FuxM:X75mXlMn/laDmdX9FV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0c79d4ae2e22e4a4a3da257342d51c8_JaffaCakes118

Files

e0c79d4ae2e22e4a4a3da257342d51c8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

62647a76dd5cd45c34b2e78647620269

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
ResumeThread
WriteProcessMemory
VirtualProtectEx
OpenProcess
GetModuleFileNameA
GetProcAddress
ReadProcessMemory
GetCurrentProcess
GlobalLock
GlobalAlloc
GetModuleHandleA
GlobalFree
GlobalUnlock
IsBadReadPtr
CreateThread
GetTickCount
VirtualProtect
TerminateThread
InitializeCriticalSection
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
LoadLibraryA
SetThreadContext
OpenThread
SetUnhandledExceptionFilter
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
GetSystemDirectoryA
VirtualAlloc
WritePrivateProfileStringA
GetLastError
CreateMutexA
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
DeleteFileA
GetCurrentThreadId
DisableThreadLibraryCalls
CreateProcessA
GetCurrentThread
Sleep
GetPrivateProfileIntA
GetCurrentProcessId
GetPrivateProfileStringA

user32

FindWindowA
GetKeyState
GetClassNameA
GetDesktopWindow
SendMessageA
GetWindowTextA
GetWindowThreadProcessId
GetMessageA
CallNextHookEx
SetWindowsHookExA
GetForegroundWindow
TranslateMessage
DispatchMessageA
FindWindowExA
UnhookWindowsHookEx
GetWindow

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

shlwapi

PathFileExistsA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

imagehlp

ImageLoad
ImageUnload

msvcrt

_strlwr
_adjust_fdiv
malloc
_initterm
free
??3@YAXPAX@Z
sscanf
strrchr
fread
??2@YAPAXI@Z
strstr
wcslen
strcmp
_stricmp
strcpy
strcat
strncpy
srand
rand
strlen
memcpy
memset
sprintf
fopen
fclose

Exports

Exports

Init

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdt
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62647a76dd5cd45c34b2e78647620269

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

imagehlp

msvcrt

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 5KB

.sdt Size: 2KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 5KB

.sdt
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB