06a80fb3913d3f21185592fe5b65a700_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06a80fb3913d3f21185592fe5b65a700_JaffaCakes118
Size

27KB
MD5

06a80fb3913d3f21185592fe5b65a700
SHA1

46e0e63c17e89066bf28ad87184b8cd6f681ec81
SHA256

6bf3839ffc2e77a3e288203322b363680fa860202d78a272ddada4f487334e6d
SHA512

ad58d47c2eb18869e44c38052439670b6c19bb8e7d5874b595bde6b73485650de6f7dc7077df5904179800c8cc9f51b01a25a45861185ffd3b36ed6a869ff73e
SSDEEP

384:idw6HpDXeUSfy15JjSw8ZcoiVyvYwFXq2X6qgRSlyroM063gttxLZ:rYzsCdSFclVg1q2KqgclZFPtt/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06a80fb3913d3f21185592fe5b65a700_JaffaCakes118

Files

06a80fb3913d3f21185592fe5b65a700_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2066199bec66f22cbcaec51d18ced523

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
CloseHandle
GetFileAttributesW
ReadProcessMemory
VirtualQueryEx
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileA
Thread32Next
TerminateThread
Thread32First
CreateToolhelp32Snapshot
SetFilePointer
HeapAlloc
GetProcAddress
DeleteFileA
GetLastError
FindClose
FindFirstFileA
FreeLibrary
GetPrivateProfileStringA
OpenProcess
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
Sleep
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
CreateThread
GetProcessHeap
LoadLibraryA

user32

GetDC
GetWindowRect
UnhookWindowsHookEx
SetWindowsHookExA
GetClassNameW
wsprintfA
GetWindowThreadProcessId
GetForegroundWindow
GetWindowTextA
GetWindow
CallNextHookEx

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

msvcrt

_local_unwind2
_strcmpi
_strupr
tolower
_vsnprintf
free
strcpy
memset
malloc
sprintf
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
fclose
ftell
fseek
fopen
mbstowcs
rand
srand
time
wcslen
strstr
wcsncat
wcscpy
wcsstr
strncpy
exit
memcpy
_except_handler3
strrchr
strlen

wininet

InternetCloseHandle

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

Exports

Exports

Install
Uninstall

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2066199bec66f22cbcaec51d18ced523

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

wininet

gdi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 2KB

shared Size: 512B - Virtual size: 4B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 2KB

shared
Size: 512B - Virtual size: 4B

.reloc
Size: 2KB - Virtual size: 1KB