ffc30955b560b75af4bbd89589c7ddbd_JaffaCakes118

General

Target

ffc30955b560b75af4bbd89589c7ddbd_JaffaCakes118
Size

24KB
MD5

ffc30955b560b75af4bbd89589c7ddbd
SHA1

8f7d5dc9826244481b456786e0e7dede1d050eae
SHA256

1f50eacd447711aaaac3113cca0524179326437a3791449c754f1693ac27ff3f
SHA512

ce1f06e4c265ab3ae9be8a08ded0b53dde520138008c96e4270590941981a9e0d3fc64056b15e8f02d930f3304dcc65b34aba8c62fff3458da1e44f255656d68
SSDEEP

768:3/x4ijY0wy7SpDuslXmNQqWgLa1I2Y9q:3/xfY6uDuiqzLa22Y9q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffc30955b560b75af4bbd89589c7ddbd_JaffaCakes118

Files

ffc30955b560b75af4bbd89589c7ddbd_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d1254b826dc57c7c2e1cdd4a9a1c2e8b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

send
inet_ntoa
getpeername

shell32

ord680

advapi32

RegQueryInfoKeyA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegNotifyChangeKeyValue
RegOpenKeyExA

user32

SetWindowsHookExA
SetWindowTextA
SendMessageA
IsWindowVisible
GetWindowTextA
GetParent
GetFocus
GetClassNameA
FindWindowA
EnumChildWindows
CharLowerBuffA
CallWindowProcA
CallNextHookEx
wsprintfA

kernel32

RtlZeroMemory
SetFileAttributesA
DeleteFileA
RtlMoveMemory
ReadFile
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteProcessMemory
WriteFile
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
Sleep
CloseHandle
CreateFileA
GlobalFindAtomA
GetCurrentProcess
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempPathA
SetFilePointer

shlwapi

StrStrIA
StrToIntA
StrTrimA
StrStrA

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1254b826dc57c7c2e1cdd4a9a1c2e8b

Headers

File Characteristics

Imports

wsock32

shell32

advapi32

user32

kernel32

shlwapi

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 5KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB