f09849eebb19ecff4e27116860824207_JaffaCakes118

General

Target

f09849eebb19ecff4e27116860824207_JaffaCakes118
Size

17KB
MD5

f09849eebb19ecff4e27116860824207
SHA1

4cba90b4e963e39afa5c4a9efa4e82e437c9df37
SHA256

a4f4abddd4ecf24db9a8d3f861f5ae4bfe0cadc01d39776ccd024591c258a387
SHA512

4cd8fb0b622d8665fdc81beb528fbb5e43c7c6bd542a8a61e275f3f0ddde6ff7ab4af988ad513643469d5890af7a1d809e24d1fc07f266223849f1563693d7ce
SSDEEP

384:KRKjP1wUykHkqIuHAZjhJLP7+rdbRkKzJsarfc/NiMMvohlF:KRKZMEJ0hN6rdb1zJtrfc/NiZvOl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f09849eebb19ecff4e27116860824207_JaffaCakes118

Files

f09849eebb19ecff4e27116860824207_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c3f70bcbfaeefdd2ef363667b4b7322e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetComputerNameA
WriteProcessMemory
ReadProcessMemory
ExitProcess
GetCurrentProcessId
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateThread
GetCurrentProcess
GlobalFree

user32

GetWindowThreadProcessId
GetWindowTextA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
FindWindowA

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

memset
_adjust_fdiv
malloc
_initterm
free
memcpy
strchr
strncpy
strcmp
strcat
strrchr
??3@YAXPAX@Z
_stricmp
??2@YAPAXI@Z
sprintf
strcpy
strlen

Exports

Exports

fa
fc

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdat
Size: 1024B - Virtual size: 526B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 666B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

0
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3f70bcbfaeefdd2ef363667b4b7322e

Headers

File Characteristics

Imports

kernel32

user32

wininet

msvcrt

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 476B

sdat Size: 1024B - Virtual size: 526B

.reloc Size: 1024B - Virtual size: 666B

0 Size: 5KB - Virtual size: 5KB

1 Size: 1KB - Virtual size: 1KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 476B

sdat
Size: 1024B - Virtual size: 526B

.reloc
Size: 1024B - Virtual size: 666B

0
Size: 5KB - Virtual size: 5KB

1
Size: 1KB - Virtual size: 1KB