f5b38ac332fc21880b0c26315f1ca629_JaffaCakes118

General

Target

f5b38ac332fc21880b0c26315f1ca629_JaffaCakes118
Size

29KB
MD5

f5b38ac332fc21880b0c26315f1ca629
SHA1

73e295901aaa559b0a0ba1cc28ae4252d85f15d6
SHA256

5b2f57b778e16878ec5f513ee584731e9b1dbe52ef11aa66594f704cdcfba4a0
SHA512

a0e1d6ab6ec5815b67269f295146c00623fa402d52c49d9cf154364c48a8b67e51deef85c0cc24b5cda08d9eab1244e4c6acadde90be887cae505eeb09f6eae0
SSDEEP

192:oKF6WaH/nmHbANqDlJomiXS3dn29S2SwoJ2+k56angwP:v0mHbA+lCmiXSNn29SAE2+FqP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5b38ac332fc21880b0c26315f1ca629_JaffaCakes118

Files

f5b38ac332fc21880b0c26315f1ca629_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f93f736c04f08a6cfb964aed7739d31b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetWindowsDirectoryA
GetProcAddress
Sleep
CreateFileA
lstrcatA
ReadFile
GetCurrentProcessId
GetModuleHandleA
LocalAlloc
CreateThread
GetModuleFileNameA
Module32Next
Module32First
lstrlenA
ReadProcessMemory
OpenProcess
VirtualProtectEx
VirtualProtect
WriteProcessMemory
CreateToolhelp32Snapshot
CloseHandle

user32

GetForegroundWindow
GetWindowThreadProcessId
EnumWindows
wsprintfA
GetWindowTextA

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

shlwapi

StrStrIA

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

msvcrt

_except_handler3
strrchr
_purecall
__CxxFrameHandler
isprint
strncat
_ltoa
strstr
??2@YAPAXI@Z
??3@YAXPAX@Z

Sections

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f93f736c04f08a6cfb964aed7739d31b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

wininet

msvcrt

Sections

.bss Size: - Virtual size: 16KB

.data Size: 14KB - Virtual size: 13KB

shard Size: 12KB - Virtual size: 11KB

.reloc Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 16KB

.data
Size: 14KB - Virtual size: 13KB

shard
Size: 12KB - Virtual size: 11KB

.reloc
Size: 2KB - Virtual size: 1KB