eafc8d0e1868571039ea33dc5327a568_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eafc8d0e1868571039ea33dc5327a568_JaffaCakes118
Size

33KB
MD5

eafc8d0e1868571039ea33dc5327a568
SHA1

5d967ca82c7f1692e3c6c31b59ff52e5829892dc
SHA256

2713747d9df8d69100f72c4bec93b114e17c43b1d0ce3e96c77fcdd88c8b033b
SHA512

1446f4b3cbb90795fa3d6db3f073f3939965725e8e46ed20f0cd04678ee9d3b031bdc19baa8186d1f0d057982f20aa146f3ccdea229a1648274a000fbedc37fe
SSDEEP

768:Rp61kLh0V4PXRjS924SC6ecmZ7e06D9eGn9Gv:R/bS9SKaDIO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eafc8d0e1868571039ea33dc5327a568_JaffaCakes118

Files

eafc8d0e1868571039ea33dc5327a568_JaffaCakes118
.exe windows:4 windows x86 arch:x86

23a51184d6254790d63cd0482d107952

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetConnectA
InternetOpenA
FtpSetCurrentDirectoryA
FtpCreateDirectoryA
FtpOpenFileA
InternetWriteFile
InternetCloseHandle
InternetCheckConnectionA
InternetAutodial

kernel32

GetCurrentProcessId
ReleaseMutex
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
HeapSize
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
WriteProcessMemory
GetCurrentProcess
SystemTimeToFileTime
GetSystemTime
lstrlenA
lstrcpynA
GetCurrentThreadId
WaitForSingleObject
ResetEvent
CloseHandle
CreateEventA
lstrcpyA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcatA
GetTimeZoneInformation
LeaveCriticalSection
Sleep
TryEnterCriticalSection
GetTickCount
InitializeCriticalSection
OpenProcess
TerminateThread
GetComputerNameA
CreateThread
GetExitCodeThread
GetVersion
GetSystemDirectoryA
ExpandEnvironmentStringsA
GetLongPathNameA
UnmapViewOfFile
DeleteFileA
GetModuleFileNameA
CreateProcessA
WriteProfileStringA
GetShortPathNameA
CopyFileA
SetFileAttributesA
lstrcmpA
GetLastError
CreateMutexA
CreateDirectoryA

user32

MessageBoxA
LoadStringA
wvsprintfA
CharUpperBuffA
CharLowerBuffA
GetKeyState
ToAscii
GetAsyncKeyState
GetKeyboardState
GetKeyNameTextA
CallNextHookEx
MapVirtualKeyA
TranslateMessage
PeekMessageA
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetWindowsHookExA
UnhookWindowsHookEx
PostThreadMessageA
GetWindowLongA
GetFocus
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
GetWindowTextA
GetWindowTextLengthA

advapi32

GetUserNameA
RegSetValueExA
RegCloseKey
RegCreateKeyA
RegDeleteValueA
RegEnumValueA

ws2_32

htons
htonl
WSAGetLastError
WSACleanup
closesocket
recv
send
ioctlsocket
connect
socket
WSAStartup
gethostbyname
__WSAFDIsSet
select
gethostname

Exports

Exports

?LogSendBack@LOG@@YGHXZ
KeyHookMsg

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23a51184d6254790d63cd0482d107952

Headers

File Characteristics

Imports

wininet

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 6KB - Virtual size: 11KB

.rsrc Size: 1024B - Virtual size: 568B

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 6KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 568B