ebd15d1bbb6bb7f2cc39177930956d94_JaffaCakes118

General

Target

ebd15d1bbb6bb7f2cc39177930956d94_JaffaCakes118
Size

44KB
MD5

ebd15d1bbb6bb7f2cc39177930956d94
SHA1

ecfc297d0b1341c6a3e6fd7843a7405074c963cf
SHA256

5e96aae843a0f3c91dbfa6130a6d5d4fe0d41ff5428c7e08280629ba8aa91297
SHA512

01ec37923c5efa232ef3e9ca9bdae1eea6cfc4354ad5e96d15fc09a6375fa024d0800d95a833be24cd5d622fccdea0b9ffa7de390b29c0c002278975b0487e54
SSDEEP

384:36317I7DJw1J+P0Cjj7DI2S7noiW7INzR+gEkx9lNNCSLOgsT:a17I7Dc+3f7MtoGDNCSLOgs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebd15d1bbb6bb7f2cc39177930956d94_JaffaCakes118

Files

ebd15d1bbb6bb7f2cc39177930956d94_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

a2f3f2298e22576e089572c85de9a78f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
connect
htons
closesocket
gethostbyname
ioctlsocket
recv
socket

kernel32

LocalFree
VirtualAlloc
CreateThread
IsBadStringPtrA
LoadLibraryA
Sleep
GetProcAddress
GetSystemInfo
IsBadReadPtr
VirtualQuery
VirtualProtect
WideCharToMultiByte
GetModuleHandleA
GetTickCount
InterlockedDecrement
CloseHandle
CreateFileA
GetLastError
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
DeleteFileA

user32

GetClassNameA
SetWindowsHookExA
CallNextHookEx
FindWindowA
GetWindowTextA
GetParent
ScreenToClient

ole32

CoInitializeEx
OleRun
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear
GetErrorInfo

msvcrt

_CxxThrowException
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
wcslen
??2@YAPAXI@Z
__CxxFrameHandler
sprintf
??3@YAXPAX@Z
atoi
calloc
realloc
_strdup
free

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2f3f2298e22576e089572c85de9a78f

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

ole32

oleaut32

msvcrt

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 114KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 114KB

.reloc
Size: 4KB - Virtual size: 2KB