efd239f35b59dd9ad163fd19037bbe27_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

efd239f35b59dd9ad163fd19037bbe27_JaffaCakes118
Size

96KB
MD5

efd239f35b59dd9ad163fd19037bbe27
SHA1

c8b0e9b1a2650fc1264a928dbc4ad38c9bce9fde
SHA256

c83d9491b67e25a81bcb8302fc6a0744541de382058c30097d09e94f39e5dc27
SHA512

0370bddee258cc5a823c163b02bbb6c8d33a2f4bb02078c3c270246ede7d2693e9bef6f0664f2ffdf9fe993025aed7ce1ed84eeb59b77e4a2cca6427661f3272
SSDEEP

1536:m3AzdNpxYEd0KtTIwLv6QbQc6HRxyqAGlQlQQF:mQzdNpxYEZVxN6HoGlQlQQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efd239f35b59dd9ad163fd19037bbe27_JaffaCakes118

Files

efd239f35b59dd9ad163fd19037bbe27_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e8b29a5a2546c43791486073543fc803

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetShortPathNameA
GetModuleFileNameA
MultiByteToWideChar
HeapAlloc
GetProcessHeap
GetCurrentThreadId
GetVersionExA
GetLastError
WideCharToMultiByte
HeapFree
OpenMutexA
lstrcmpiA
GetCommandLineA
HeapReAlloc
ExitProcess
SetFilePointer
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
HeapCreate
GetEnvironmentStringsW
VirtualFree
FreeEnvironmentStringsW
RaiseException
InterlockedExchange
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetCPInfo
LCMapStringW
LCMapStringA
ReadFile
InterlockedDecrement
InterlockedIncrement
RtlUnwind
LocalFree
GetVersion
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStrings
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetStringTypeA
VirtualAlloc
WriteFile
IsBadWritePtr
Sleep
TerminateProcess
GetCurrentProcess
HeapSize
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA

user32

GetWindowTextA
wsprintfW
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
GetParent
SetWindowTextA
SetWindowTextW
SendMessageA
PostMessageA
GetWindowTextW
GetClassNameA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation

ole32

CoInitialize
CoUninitialize

shlwapi

PathAppendA
StrRetToBufA
PathFindFileNameA
PathStripPathA
PathRemoveFileSpecA
StrDupA
PathIsDirectoryW
PathFileExistsW
StrDupW
PathIsURLW
UrlApplySchemeW

wininet

InternetCrackUrlW

Exports

Exports

glo_StartHook
glo_StopHook

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8b29a5a2546c43791486073543fc803

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 19KB

Shared Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 19KB

Shared
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 8KB - Virtual size: 6KB