067eec53fc6768f862ba04a3b2b4bd53_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

067eec53fc6768f862ba04a3b2b4bd53_JaffaCakes118
Size

77KB
MD5

067eec53fc6768f862ba04a3b2b4bd53
SHA1

15056a46409dce313bd19cccdd32b59e1b333270
SHA256

019e096f9c3fe91a1ad641ced717e67d90627dbe57520132e057569c336367ff
SHA512

0976ee3c39ee8352c996e5b42012aa879c6c7de7f4fc59967431abf40e001ea2f8e5de34c592d7dcde421c023e3fcc35fe18b40694173b497c8df5b4930f2433
SSDEEP

1536:gpRUKYsA0ujaMYjo3dUdc4YbKoMUb9eoiUhvZJ5N5bJwoCTcrxD:gpR/ujUjoadcVm4pe9uvZ/Nrrx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
067eec53fc6768f862ba04a3b2b4bd53_JaffaCakes118

Files

067eec53fc6768f862ba04a3b2b4bd53_JaffaCakes118
.dll windows:4 windows x86 arch:x86

224cea5a17e1581922c094462b09e805

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetModuleFileNameA
WideCharToMultiByte
ReadProcessMemory
LoadLibraryA
Sleep
GetTempPathA
SetThreadPriority
GetFileSize
ReadFile
CreateFileA
GetProcessHeap
HeapAlloc
OpenProcess
GetTickCount
VirtualProtect
WritePrivateProfileStringA
GetCurrentThreadId
GetCurrentProcessId
InterlockedCompareExchange
GetPrivateProfileStringA
lstrcpynA
GetCommandLineA
GetLastError
CreateMutexA
TerminateProcess
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleA
CloseHandle
GetCurrentProcess
lstrcmpiA
InterlockedExchange
DeleteCriticalSection
GetProcAddress

msvcrt

strcat
malloc
_except_handler3
strchr
_vsnprintf
isspace
isalnum
sprintf
_strdup
atoi
wcsncpy
wcscat
exit
realloc
isdigit
isalpha
__dllonexit
_onexit
_initterm
_adjust_fdiv
_wcsnicmp
_wcsupr
_itoa
_strcmpi
strncpy
wcsstr
wcslen
wcsncat
wcscpy
free
strcpy
_strlwr
strstr
strlen
mbstowcs
wcscmp
_stricmp
memcpy
__CxxFrameHandler
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
strrchr
_strupr

gdiplus

GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

wsock32

socket
closesocket
gethostbyname
send
WSAStartup
recv
htons
connect

user32

EnumChildWindows
SetFocus
SendMessageA
GetTopWindow
GetWindowTextA
ShowWindow
UnhookWindowsHookEx
SetWindowsHookExA
GetKeyState
GetClassNameA
GetWindowLongA
GetWindow
GetClassNameW
GetForegroundWindow
wsprintfA
ToAscii
GetKeyboardState
GetFocus
FindWindowA
CallNextHookEx
GetCaretPos
AttachThreadInput
GetWindowThreadProcessId

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.upx0
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.upx1
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

224cea5a17e1581922c094462b09e805

Headers

File Characteristics

Imports

kernel32

msvcrt

gdiplus

gdi32

wsock32

user32

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 9KB

.upx0 Size: 3KB - Virtual size: 2KB

.upx1 Size: 32KB - Virtual size: 31KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 9KB

.upx0
Size: 3KB - Virtual size: 2KB

.upx1
Size: 32KB - Virtual size: 31KB

.reloc
Size: 2KB - Virtual size: 2KB