1508caa6036173fea000c70e9fd03496_JaffaCakes118

General

Target

1508caa6036173fea000c70e9fd03496_JaffaCakes118
Size

10KB
MD5

1508caa6036173fea000c70e9fd03496
SHA1

82468ecaebd79354029e01fe12988ac26a1045be
SHA256

233824212110f419f482c433be6f21d05a6d68688be2bc13121b75a8de8cfc5a
SHA512

b8bb3c1d0ad864bb69f468b3d642877fd1aedfe55886088248798db5067220f3abef9cd28cb2efd3e66a9ebf56307b27b930907312e6e04f1f4d0a9ea0f9fe89
SSDEEP

192:okrGX9+Ka+OPFtwG/oro/d29cK58ripnnKult1PwkHJTjlbae6dRQc:ok+9+NHFtz/dKcK6r2nTPlejl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1508caa6036173fea000c70e9fd03496_JaffaCakes118

Files

1508caa6036173fea000c70e9fd03496_JaffaCakes118
.dll windows:1 windows x86 arch:x86

298c492e3a5a516193118501d2e5a68a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateDirectoryW
CreateFileA
CreateFileMappingA
CreateProcessA
CreateThread
ExitProcess
FreeLibraryAndExitThread
GetFileSize
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
LoadLibraryA
LocalAlloc
MapViewOfFile
OpenEventA
Sleep
TerminateThread
UnmapViewOfFile
VirtualAlloc
VirtualProtect
WaitForSingleObject
WinExec
WriteFile
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
lstrlenW

user32

DefWindowProcW
FindWindowW
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
wsprintfA

advapi32

CloseServiceHandle
ControlService
DeleteService
OpenSCManagerA
OpenServiceA
RegCloseKey
RegDeleteValueA
RegOpenKeyA
RegSetValueExA

ws2_32

WSASocketA
closesocket
connect
gethostbyname
ioctlsocket
ntohs
recv
select
send
setsockopt
socket

wininet

InternetConnectA

wintrust

WinVerifyTrust

shell32

ShellExecuteA
StrRChrA

icmp

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

Exports

Exports

AddProcessExclusion
GetChangeRect
GetChangedWindowList
IsTitleBarButtonPressed
RemoveProcessExclusion
SetButtonXOffset
SetSingleWindow
ShowTitleBarButton
StartHooks
StopHooks

Sections

.code
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

298c492e3a5a516193118501d2e5a68a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

wininet

wintrust

shell32

icmp

Exports

Exports

Sections

.code Size: 8KB - Virtual size: 8KB

.reloc Size: 1024B - Virtual size: 592B

.code
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1024B - Virtual size: 592B