f98b7893be8f4c59fa27fb31cb475398_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f98b7893be8f4c59fa27fb31cb475398_JaffaCakes118
Size

632KB
MD5

f98b7893be8f4c59fa27fb31cb475398
SHA1

e98c62533f88d3357a1f7e887ea813bbe5a319b1
SHA256

47ac4bdb4cc54f91b04b27eb55b92298756065106b28f2d999f69ef4472ab567
SHA512

bc4bec851f2d92db32cdef6c0f325a7596cc59ab4c79ce9b62d474299ed4c0465f46f88f51c2eb911ed9547a244b5bfa4793e307998602281ff61a05a6f48048
SSDEEP

6144:+D1NuD1NuD1NuD1NuD1NuD1NuD1NuD1NuD1NuD1NuD1NuD1NuD1NuD1NuD1NuD1U:+SSSSSSSSSSSSSSSSSSSSSS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f98b7893be8f4c59fa27fb31cb475398_JaffaCakes118

Files

f98b7893be8f4c59fa27fb31cb475398_JaffaCakes118
.dll windows:4 windows x86 arch:x86

556a4a53723781ac919d92d2f9029c88

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

ToAscii
SendInput
MapVirtualKeyA
GetWindowTextA
GetKeyboardState
GetForegroundWindow
GetDC
wsprintfA
GetClientRect

kernel32

GetCurrentProcess
GetExitCodeThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempPathA
GetWindowsDirectoryA
GlobalAlloc
LoadLibraryA
MultiByteToWideChar
OpenProcess
CloseHandle
RtlMoveMemory
RtlZeroMemory
SetFileAttributesA
ExitThread
Sleep
TerminateProcess
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtectEx
WaitForSingleObject
WideCharToMultiByte
WriteProcessMemory
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
DisableThreadLibraryCalls
DeleteFileA
CreateThread
CreateRemoteThread
SetFilePointer
CreateFileA
ReadFile

advapi32

RegQueryValueExA

shlwapi

StrChrA
StrStrA

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
SelectObject
CreateCompatibleBitmap

ole32

CLSIDFromString

gdiplus

GdiplusShutdown
GdipSaveImageToFile
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup

ws2_32

closesocket
connect
gethostbyname
inet_addr
ntohs
recv
send
socket
WSAStartup
WSACleanup

msvcrt

strrchr

Exports

Exports

EnHookWindow
UninstallHook
sub_getmessage
sub_keyboard
sub_mouse
sub_pic

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

556a4a53723781ac919d92d2f9029c88

Headers

File Characteristics

Imports

user32

kernel32

advapi32

shlwapi

gdi32

ole32

gdiplus

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.bss Size: - Virtual size: 16B

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 13KB - Virtual size: 13KB

.bss
Size: - Virtual size: 16B

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 2KB - Virtual size: 2KB