108385e2b5801e4c36e70e33627af1b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

108385e2b5801e4c36e70e33627af1b0_JaffaCakes118
Size

56KB
MD5

108385e2b5801e4c36e70e33627af1b0
SHA1

2dcd318be2d3b6756ba7a4d68849d1ecdb4f7434
SHA256

0d9b0d25290f24eaa167dc35ac037c52474a0ecc922808b84513d7308167a35f
SHA512

b242b3a52a811d040bfbfdd547911d7216163eefe0236fa3f571864c84247a3873741e16d33b6c8d24a99fb4057173f32f0eb0cd40efb836980b81426ba7bfec
SSDEEP

768:xtqFob3iH5W+cx3C+j8oLG2FBLQW5dv4OuB7FLvOuw+tbylen:nqFkg5hK31j8qGeBLn5ufLvXul

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
108385e2b5801e4c36e70e33627af1b0_JaffaCakes118

Files

108385e2b5801e4c36e70e33627af1b0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dbc3e788e443b011151bf2101b07a5df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\CashCollector\HookDll\Release\HookDll.pdb

Imports

kernel32

GetWindowsDirectoryA
CloseHandle
ReadFile
HeapAlloc
GetFileSize
CreateFileA
WriteFile
GetLastError
HeapFree
lstrcmpiA
SystemTimeToFileTime
GetLocalTime
DisableThreadLibraryCalls
GetModuleFileNameA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
GetTickCount
WideCharToMultiByte
GetVersionExA
GetProcAddress
LoadLibraryA
lstrcatA
FlushInstructionCache
WriteProcessMemory
VirtualAlloc
ReadProcessMemory
VirtualProtect
IsBadCodePtr
GetCurrentProcess
GetModuleHandleA
Thread32Next
GetCurrentThreadId
SuspendThread
Thread32First
ResumeThread
GetCurrentProcessId
MultiByteToWideChar
GetSystemInfo
GetProcessHeap
lstrlenA
CreateToolhelp32Snapshot
lstrcpynA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
ExitProcess
GetCommandLineA
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
RtlUnwind
InterlockedExchange
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
InitializeCriticalSection
HeapSize

user32

SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx

shlwapi

StrStrIA
StrNCatA
wnsprintfA
StrToIntA
StrStrA

Exports

Exports

SetHook

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dbc3e788e443b011151bf2101b07a5df

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 3KB - Virtual size: 10KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 3KB - Virtual size: 10KB