05c995077e55d56e2705f0e3b6b3b7a2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05c995077e55d56e2705f0e3b6b3b7a2_JaffaCakes118
Size

100KB
MD5

05c995077e55d56e2705f0e3b6b3b7a2
SHA1

58539c75a75b6945c63662273a2ad7a3a2fb6290
SHA256

a8e774a92e6e56529b12a06f358f24365a80e071adba3f65ec6b8290fc854763
SHA512

95e5c7cc626bd65009c8a7ccfc3b821ff80a9d7fbc7ccd2b2022d574c7c76c1219ae712430ee8e2879e79287378d8d4aaa098d49b1171f8bf5b0d780b57ee32b
SSDEEP

1536:Dnys5590LogsjTKSH7E+tDSpx9hqBqF3KlBniV14b6:Dnym59Qogsa+tDSpfh1F3KlBni66

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05c995077e55d56e2705f0e3b6b3b7a2_JaffaCakes118

Files

05c995077e55d56e2705f0e3b6b3b7a2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

951beaab738a622de9aac0945e7b0c37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
WriteFile
ReadFile
GetFileSize
CreateFileA
GetModuleFileNameA
GetSystemDefaultLangID
TerminateProcess
GetCurrentProcess
LoadLibraryA
SetFilePointer
InterlockedExchange
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
Sleep
GetStringTypeW
GetStringTypeA
InterlockedIncrement
InterlockedDecrement
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
RtlUnwind
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RaiseException

user32

GetFocus
SetFocus
GetWindowTextA
GetDlgItemTextA
IsWindowVisible
CallWindowProcA
SetWindowLongA
GetClassNameA
MessageBoxA
SendMessageA
CallNextHookEx
SetWindowsHookExA
FindWindowA
PostMessageA
IsWindow
CreateDialogParamA
ShowWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
DefWindowProcA
PostQuitMessage
UnhookWindowsHookEx

Exports

Exports

ExecFilter
spie_StartHook
spie_StopHook

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

951beaab738a622de9aac0945e7b0c37

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 8KB - Virtual size: 13KB

Shared Size: 4KB - Virtual size: 16B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 13KB

Shared
Size: 4KB - Virtual size: 16B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 6KB