f5a29264dce96673a5f1e0c0412704b2_JaffaCakes118

General

Target

f5a29264dce96673a5f1e0c0412704b2_JaffaCakes118
Size

32KB
MD5

f5a29264dce96673a5f1e0c0412704b2
SHA1

e2ba6af1e2e7fb85e1ce2de295fa9c33a42fa5a5
SHA256

ff3625f96cec592be77821e3af1258fd757f446f25c06685176cd108c6e0c1fb
SHA512

ebce7e2f34a8497976566b9ebd3f630c3dd29c4e46965b403c4459804e35519cd9f7cb4310453654ac65b14a7f97154d784dc03e99d03eb9a691357ca799ff33
SSDEEP

192:UBHc/I5nzwyH0YfZoTxp3jLUyd2bmksTPfQnr9svlObvXHB/cqjhwuNqq5Guxvd:qHc/I5nPR83Z2ZsrMCvlObv3HLk4GuxV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5a29264dce96673a5f1e0c0412704b2_JaffaCakes118

Files

f5a29264dce96673a5f1e0c0412704b2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ba1eb1732e729e9d416091498151a851

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord535
ord6663
ord539
ord940
ord939
ord941
ord1158
ord540
ord2818
ord4278
ord858
ord860
ord2764
ord537
ord800

msvcrt

_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_onexit
__dllonexit
_except_handler3
strstr
__CxxFrameHandler

kernel32

SetFilePointer
OpenProcess
CreateThread
CloseHandle
GetModuleFileNameA
Sleep
ReadProcessMemory
ReadFile
GetFileSize
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcessId

user32

TranslateMessage
GetMessageA
SetWindowsHookExA
CallNextHookEx
IsWindowVisible
SendMessageA
DispatchMessageA
FindWindowExA
SendMessageTimeoutA
RegisterWindowMessageA
GetForegroundWindow
UnhookWindowsHookEx
GetClassNameA

ws2_32

send
connect
htons
socket
gethostbyname
WSAStartup
recv
closesocket

ole32

CoUninitialize
CoInitialize

oleaut32

VariantClear

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba1eb1732e729e9d416091498151a851

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

ws2_32

ole32

oleaut32

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 196KB

.SHARDAT Size: 4KB - Virtual size: 4B

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 196KB

.SHARDAT
Size: 4KB - Virtual size: 4B

.reloc
Size: 4KB - Virtual size: 1KB