27e047b2489947d7f54a06cbd1944c05_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

27e047b2489947d7f54a06cbd1944c05_JaffaCakes118
Size

18KB
MD5

27e047b2489947d7f54a06cbd1944c05
SHA1

0e85a11069c14e22256cef58ab9d7df10b323e01
SHA256

6928178106ae882791dc4ec049eda1c1374066d7a883d61d0449d49123c62ec7
SHA512

ff630fce8862aee54859056f58aaac6d9e530dbc907c1af03cf92c5da26d563855078691e211ab238d4250b1f2d631fa92d9dbb821d230e0f0bd1c97e3885bd4
SSDEEP

192:QdebNmeEfE3iUMo2xEm/6CiNYrICLIY3P6wqkEmuvaEZq5Y8jvkBu3AvADI46UmI:QdaDEM3BjSZiAtu3Zq5xwM+6I4rp64ES

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27e047b2489947d7f54a06cbd1944c05_JaffaCakes118

Files

27e047b2489947d7f54a06cbd1944c05_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f8bb7e56e2437dae2329430edc108be5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

aaaaaaaa

GetModuleHandleW
GetProcAddress
GetModuleHandleA
GetSystemInfo
WriteProcessMemory
GetCurrentProcess
lstrcmpiA
LoadLibraryA
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
lstrcpynW
lstrcmpW
GetTickCount
FindClose
FindNextFileW
FindFirstFileW
lstrcatW
GetModuleFileNameW
GetDateFormatW
GetTimeFormatW
CloseHandle
WriteFile
CreateFileW
GetLocalTime
DeleteFileW
GetComputerNameW
SetFileTime
SystemTimeToFileTime
GetSystemTime
lstrcmpA
GetLastError
RaiseException
InterlockedExchange
LocalAlloc
FreeLibrary
lstrlenW
lstrcmpiW
GetModuleFileNameA
GetWindowsDirectoryW
lstrcpyW
ExitProcess

user32

PostMessageW
IsWindow
SendMessageW
GetActiveWindow
MessageBoxA
GetKeyboardState
MessageBeep
GetKeyboardLayout
GetKeyState
ToUnicodeEx
GetFocus
wsprintfW
CharUpperBuffW
MessageBoxW
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
GetDesktopWindow
GetClassNameW
GetWindowLongW
CallNextHookEx

advapi32

GetUserNameW

wininet

FtpPutFileW
FtpCreateDirectoryW
FtpSetCurrentDirectoryW
InternetConnectW
InternetCloseHandle
InternetOpenW

ws2_32

ntohl
gethostbyname
gethostname
WSAStartup
WSACleanup

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW

msvcrt

malloc
_wcsicmp
wcslen
__CxxFrameHandler
wcscpy
wcsrchr
swprintf
swscanf
??2@YAPAXI@Z
??3@YAXPAX@Z
_itow
__dllonexit
_onexit
free
_initterm
wcscmp
_adjust_fdiv

Exports

Exports

DLL_GetProjectVersion
EnableAltInterception
EnableDiaryTracking
EnableNTInvisible
EnablePreHandle
EnableSpecialKeysLogging
SetHook
UploadLogs

Sections

zzzzzzzz
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

aaaaaaaa
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

vvvvvvvv
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xxxxxxxx
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vccccccc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

ssssssss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8bb7e56e2437dae2329430edc108be5

Headers

File Characteristics

Imports

aaaaaaaa

user32

advapi32

wininet

ws2_32

imm32

msvcrt

Exports

Exports

Sections

zzzzzzzz Size: 13KB - Virtual size: 13KB

aaaaaaaa Size: 3KB - Virtual size: 3KB

vvvvvvvv Size: 1KB - Virtual size: 2KB

xxxxxxxx Size: 512B - Virtual size: 84B

vccccccc Size: 1KB - Virtual size: 1KB

ssssssss Size: - Virtual size: 4KB

zzzzzzzz
Size: 13KB - Virtual size: 13KB

aaaaaaaa
Size: 3KB - Virtual size: 3KB

vvvvvvvv
Size: 1KB - Virtual size: 2KB

xxxxxxxx
Size: 512B - Virtual size: 84B

vccccccc
Size: 1KB - Virtual size: 1KB

ssssssss
Size: - Virtual size: 4KB