0351451f62268c0ad729d5254050cd39_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0351451f62268c0ad729d5254050cd39_JaffaCakes118
Size

23KB
MD5

0351451f62268c0ad729d5254050cd39
SHA1

e271843573e791b5b98ad1e4d01b4b1d2fbd028a
SHA256

bdba830dac1514e6545d8e415265e2b17639c8acf507e042d7277a2dfc2db9e7
SHA512

e07e797ebf8f43ddbcac01df2bb4b316237080245ef3eb6dcdcc685dd1f999828dad1baa0eeea71756dcefa9b11b195d8f71e4e5fcb9debae7911dcd89b403e7
SSDEEP

384:WHcWiNAEkl6hQSM5YZncVn+30RbVdE9+e+l5lqC631/hiT:WHcWcSNAZcV+4pe9+b5Hqa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0351451f62268c0ad729d5254050cd39_JaffaCakes118

Files

0351451f62268c0ad729d5254050cd39_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d3591a9c013cdf950152cee9831c4067

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
GetFileAttributesW
ReadProcessMemory
VirtualQueryEx
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileA
SetFilePointer
OutputDebugStringA
HeapAlloc
GetProcessHeap
GetWindowsDirectoryA
GetProcAddress
DeleteFileA
GetModuleHandleA
FindClose
FindFirstFileA
FreeLibrary
GetModuleFileNameA
Sleep
CloseHandle
EnterCriticalSection
LeaveCriticalSection
OpenProcess
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
LoadLibraryA

user32

GetDC
GetWindowRect
wsprintfA
GetWindowTextA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetClassNameW
GetWindow
FindWindowA

msvcrt

_strupr
_strcmpi
free
strcpy
memset
malloc
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
fclose
ftell
fseek
fopen
mbstowcs
strlen
_except_handler3
strncpy
strchr
rand
srand
time
wcslen
strstr
wcsncat
wcscpy
wcsstr
exit
printf
sprintf
memcpy
strrchr
_local_unwind2
tolower
_vsnprintf

wininet

InternetCloseHandle

iphlpapi

GetAdaptersInfo

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

Exports

Exports

Install
Uninstall

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3591a9c013cdf950152cee9831c4067

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

wininet

iphlpapi

gdi32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 2KB

shared Size: 512B - Virtual size: 4B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 2KB

shared
Size: 512B - Virtual size: 4B

.reloc
Size: 2KB - Virtual size: 1KB