2b95f9cf45517d6578b33d307ca1f06d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2b95f9cf45517d6578b33d307ca1f06d_JaffaCakes118
Size

19KB
MD5

2b95f9cf45517d6578b33d307ca1f06d
SHA1

af4cb094cd574d53dd8ffe40e6402b9e23ae4e2a
SHA256

9dc3f741d9bd6cb804a5ad33874d0abf616c22e974cde08c9427d177b3d2d94d
SHA512

c81be5c8a0fb6313e7c59741302570562bdc439f25c052cc287e53ba44a7740c900455beb4d320adf30d21da3f9a0a787684cd00935909aefa92396aa8472689
SSDEEP

384:8OCH2Wh6ePJAoPCerJlthDFmSSgDctegEI:8B2gKoKQJlf8gDsep

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b95f9cf45517d6578b33d307ca1f06d_JaffaCakes118

Files

2b95f9cf45517d6578b33d307ca1f06d_JaffaCakes118
.dll windows:1 windows x86 arch:x86

d970b5c71c4dbd6b3ec66a8015a8a86d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateFileMappingA
CreateMutexA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
FindFirstFileA
FindNextFileA
FreeLibrary
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetSystemDirectoryA
GetVolumeInformationA
HeapAlloc
HeapFree
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MoveFileA
OpenFileMappingA
RemoveDirectoryA
ResetEvent
SearchPathA
SetEvent
SetFilePointer
Sleep
SleepEx
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpW
lstrcpyA

user32

CreateDialogParamW
CreateWindowExW
DefWindowProcW
ExitWindowsEx
FindWindowW
GetAsyncKeyState
GetClassInfoExW
GetCursorPos
GetDlgItem
IsDialogMessageW
IsWindowVisible
KillTimer
RegisterClassExW
SendMessageA
SetLayeredWindowAttributes
SetTimer
SetWindowLongA
SetWindowTextW
ShowWindow
wsprintfA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA

wininet

FtpCreateDirectoryA
FtpPutFileA
FtpSetCurrentDirectoryA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetQueryDataAvailable

wintrust

WinVerifyTrust

shell32

SHGetFolderPathA
ShellExecuteExA
StrRChrA

ntdll

RtlAdjustPrivilege

Exports

Exports

AddProcessExclusion
GetChangeRect
GetChangedWindowList
IsTitleBarButtonPressed
RemoveProcessExclusion
SetButtonXOffset
SetSingleWindow
ShowTitleBarButton
StartHooks
StopHooks

Sections

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

d970b5c71c4dbd6b3ec66a8015a8a86d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

wintrust

shell32

ntdll

Exports

Exports

Sections

.data Size: 2KB - Virtual size: 1KB

.code Size: 15KB - Virtual size: 14KB

.reloc Size: 1KB - Virtual size: 1KB

.data
Size: 2KB - Virtual size: 1KB

.code
Size: 15KB - Virtual size: 14KB

.reloc
Size: 1KB - Virtual size: 1KB