ea90304691b40ca1aa1a82c5fe5bd219_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea90304691b40ca1aa1a82c5fe5bd219_JaffaCakes118
Size

48KB
MD5

ea90304691b40ca1aa1a82c5fe5bd219
SHA1

42710a6fceb4965de210f309950d7625fa2c27bf
SHA256

4a95e93aebcef9951361b434869af79396943f8469ff3500b4757eb82cc713dd
SHA512

6a656ed54814ae0c9c5d065d23c12c4efa35e6fa0becc687adca82be18233652c66e64239208b933dd656c50e8c667049fc5f7203c840df3fb3554a7c1731c52
SSDEEP

768:sNRzeO47PjE6ZDeGkZr9W44ezPATR6i0:sNBj791xzI91

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea90304691b40ca1aa1a82c5fe5bd219_JaffaCakes118

Files

ea90304691b40ca1aa1a82c5fe5bd219_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cd8746ffe2236af5822e27a35d8326e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
GetFileSize
CreateProcessA
CreateDirectoryA
DeleteFileA
Sleep
RemoveDirectoryA
SetFileAttributesA
TerminateThread
GetModuleHandleA
GetSystemTime
GetVersion
VirtualProtect
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
GetSystemInfo
IsBadReadPtr
OutputDebugStringA
WriteFile
ResetEvent
Process32Next
Process32First
CreateToolhelp32Snapshot
ReleaseMutex
GetCurrentDirectoryA
CreateEventA
CreateMutexA
SetErrorMode
GetLocaleInfoA
GetVolumeInformationA
GetCurrentProcessId
GetComputerNameA
TerminateProcess
OpenProcess
GetSystemDirectoryA
GetCurrentProcess
GetCurrentThreadId
GetVersionExA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
lstrcpyA
lstrcatA
GetDriveTypeA
lstrlenA
CreateFileA
GetLastError
ReadFile
HeapFree
GetProcessHeap
HeapAlloc
GetTickCount
WaitForSingleObject
CreateThread
SetEvent
CloseHandle

user32

SetForegroundWindow
SendMessageA
DestroyWindow
ShowWindow
GetLastInputInfo
GetKeyboardLayoutNameA
keybd_event
mouse_event
SetWindowTextA
IsWindowVisible
SendInput
EnumWindows
wsprintfA
UnhookWindowsHookEx
SetWindowsHookExA
CloseDesktop
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation
GetMessageA
OpenWindowStationA
GetDesktopWindow
CallNextHookEx
GetWindowTextA
GetForegroundWindow
OpenInputDesktop
GetUserObjectInformationA
GetKeyState
DispatchMessageA
TranslateMessage

gdi32

CreateDCA
GetDeviceCaps
CreateCompatibleDC
DeleteObject
GetDIBColorTable
StretchBlt
SetStretchBltMode
SelectObject
CreateDIBSection
DeleteDC

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
GetUserNameA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ws2_32

gethostname
inet_ntoa
WSAStartup
WSACleanup
send
select
recv
socket
gethostbyname
closesocket
htons
connect
setsockopt
ioctlsocket

msvcrt

rename
memmove
_strupr
_vsnprintf
strstr
rand
srand
time
__CxxFrameHandler
printf
free
malloc
_initterm
_adjust_fdiv
strrchr

psapi

GetModuleFileNameExA

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd8746ffe2236af5822e27a35d8326e2

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

msvcrt

psapi

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 2KB