17f72c671abaa7bcc0c928c1745f24fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17f72c671abaa7bcc0c928c1745f24fe_JaffaCakes118
Size

33KB
MD5

17f72c671abaa7bcc0c928c1745f24fe
SHA1

10eae59815f3db8422d9744f36f9b3aeedd8d803
SHA256

f37816dce448594b41f0419ac22e2bc3e8ea485f61f44605596fbcc750806a89
SHA512

d9ce8ca69f175edeba277b0df7430902af8fad2fac108eec45563bd1b73147e5e92f3b4780ccb008fb6736470618bb37dd6a091c15fc8c13761d342f2b0202c9
SSDEEP

384:EsdZMzE1ubMy2oH1RofF12EvvcLYfsXqTGVoIp+CvJI505klFK63Eob:zZMIC92oH1CF1HjfsAqoYvJa05k+yb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17f72c671abaa7bcc0c928c1745f24fe_JaffaCakes118

Files

17f72c671abaa7bcc0c928c1745f24fe_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1f726f3fd764cb22457e3ea21d236f32

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
ReadFile
GetFileSize
CreateFileA
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
GetModuleFileNameA
GetCurrentProcessId
SetFilePointer
HeapAlloc
GetProcessHeap
GetWindowsDirectoryA
OpenProcess
GetModuleHandleA
FindClose
FindFirstFileA
GetProcAddress
VirtualQueryEx
ReadProcessMemory
GetFileAttributesW
CloseHandle
GetTempPathA
DeleteFileA
CreateThread
Sleep
InitializeCriticalSection
LoadLibraryA
FreeLibrary

user32

GetDC
GetWindowRect
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetWindowTextA
GetWindowThreadProcessId
GetClassNameW
GetWindow
wsprintfA

msvcrt

_strcmpi
_strupr
tolower
_vsnprintf
memset
sprintf
strlen
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
fclose
ftell
fseek
fopen
mbstowcs
rand
srand
time
wcslen
wcsncat
wcscpy
wcsstr
strncpy
exit
free
malloc
_except_handler3
atoi
memcmp
strstr
strrchr
memcpy
strchr
strcpy

wininet

InternetCloseHandle

gdi32

DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
CreateDCA
DeleteObject

Exports

Exports

Install
Uninstall

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f726f3fd764cb22457e3ea21d236f32

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

wininet

gdi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 4.0MB

shared Size: 512B - Virtual size: 4B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 4.0MB

shared
Size: 512B - Virtual size: 4B

.reloc
Size: 8KB - Virtual size: 8KB