1184ac5e4e1384760ddfe261db83d77b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1184ac5e4e1384760ddfe261db83d77b_JaffaCakes118
Size

482KB
MD5

1184ac5e4e1384760ddfe261db83d77b
SHA1

56be2de7c7bd61881212fc743284e123e383cd68
SHA256

ea2bf7d277cc1ddc398bf8b19a18f00cc4fb976c036f703244493f178c16f501
SHA512

5ebeea01fc332cf164ee809b6b698012ce69d5be16f0f9f8c3a8c9da986199a9e4b408bca4e031e2c4e95929a685bdd8632e3b18c6cf7290494a6f17747f36b1
SSDEEP

6144:pRWSbxXy6vkwEPAKRjAtF/AjA/yRPGBfg51ZU1r8WN0pzRLX:pRhbIwk/RjRjiRg5T48WN0x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1184ac5e4e1384760ddfe261db83d77b_JaffaCakes118

Files

1184ac5e4e1384760ddfe261db83d77b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

40f411b716134bc184d0cf85acfd6179

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegDeleteKeyA
RegOpenKeyExA

comctl32

InitCommonControls

kernel32

AddAtomA
Beep
CloseHandle
CreateFileA
CreateSemaphoreA
CreateThread
DeleteFileA
ExitProcess
FindAtomA
FlushInstructionCache
FreeLibrary
FreeLibraryAndExitThread
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTickCount
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
LockFile
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnlockFile
VirtualAlloc
VirtualFree
VirtualProtect
WaitForSingleObject
WinExec

msvcrt

__dllonexit
__mb_cur_max
_assert
_controlfp
_errno
_filelengthi64
_get_osfhandle
_iob
_isctype
_mkdir
_pctype
_putenv
abort
calloc
exit
fclose
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fread
free
freopen
fseek
fsetpos
ftell
fwrite
getenv
malloc
rand
realloc
remove
rewind
setvbuf
srand
strtod

ntdll

_itoa
_snprintf
_stricmp
_ultoa
mbstowcs
memcpy
memmove
memset
strcmp
strlen
tolower
wcslen
wcsncmp

shell32

ShellExecuteA

user32

CallNextHookEx
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
EnumWindows
FindWindowA
FindWindowExA
GetClassNameA
GetClientRect
GetDlgItem
GetParent
GetWindowLongA
GetWindowTextA
GetWindowThreadProcessId
IsWindowEnabled
KillTimer
LoadCursorA
LoadIconA
MessageBoxA
MoveWindow
PeekMessageA
RegisterClassExA
SendDlgItemMessageA
SendMessageA
SetActiveWindow
SetTimer
SetWindowLongA
SetWindowTextA
SetWindowsHookExA
ShowWindow
TranslateMessage

ws2_32

recv
send
sendto

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
RasDialsA
ftsWordBreak

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tmp
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

40f411b716134bc184d0cf85acfd6179

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

msvcrt

ntdll

shell32

user32

ws2_32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 84KB

.data Size: 8KB - Virtual size: 8KB

.rdata Size: 8KB - Virtual size: 8KB

.bss Size: - Virtual size: 84KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 364KB - Virtual size: 364KB

.reloc Size: 4KB - Virtual size: 4KB

tmp Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

.text
Size: 84KB - Virtual size: 84KB

.data
Size: 8KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 8KB

.bss
Size: - Virtual size: 84KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 364KB - Virtual size: 364KB

.reloc
Size: 4KB - Virtual size: 4KB

tmp
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB