Static task
static1
Behavioral task
behavioral1
Sample
2c21d7c6f83cff51f8c395b3deb3d946_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2c21d7c6f83cff51f8c395b3deb3d946_JaffaCakes118.dll
Resource
win10v2004-20241007-en
General
-
Target
2c21d7c6f83cff51f8c395b3deb3d946_JaffaCakes118
-
Size
40KB
-
MD5
2c21d7c6f83cff51f8c395b3deb3d946
-
SHA1
2bd268038c1628ff39041855ea0565c607ca74e2
-
SHA256
9d0dd7025ef376c7c726ac6d189394a52778e4aa9e46635d343dfae9f864b55a
-
SHA512
d482d91946200c5e7cd838b2dd9c30432473d76ce28300f2bfbd95545ccda1b3626555910c27e3f37492518cd427683795b48c99e78108fe4b37ae01813dc06c
-
SSDEEP
384:PVX7/VB6q5IRKZ43ObtT6IBQ+p8JmVbA76sHNhAueGvw:PVXf4KaObtmAxbBsHNyG
Malware Config
Signatures
-
Unsigned PE 1 IoCs
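Checks for a missing Authenticode signature; this signature fires when the PE file is unsigned. Many legitimate binaries are also unsigned, so treat it as a weak indicator on its own and weigh it together with the imports listed below.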
resource 2c21d7c6f83cff51f8c395b3deb3d946_JaffaCakes118
Files
-
2c21d7c6f83cff51f8c395b3deb3d946_JaffaCakes118.dll windows:4 windows x86 arch:x86
6eaa5a7c94cc920aef7e7690872a3182
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WideCharToMultiByte
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetCurrentThreadId
lstrcmpiW
lstrlenW
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTempPathA
GetTickCount
GetCurrentProcessId
CloseHandle
CreateToolhelp32Snapshot
Sleep
Thread32Next
Thread32First
GetCommandLineA
CreateThread
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
VirtualFree
GlobalAlloc
GlobalFree
OutputDebugStringA
GetVersionExA
GetModuleFileNameA
user32
UnhookWindowsHookEx
SetWindowsHookExA
WindowFromPoint
GetClassNameA
ScreenToClient
CallNextHookEx
SendMessageTimeoutA
GetFocus
CallWindowProcA
GetForegroundWindow
RegisterWindowMessageA
SendMessageA
IsWindow
SetWindowLongA
GetWindowLongA
ole32
CLSIDFromString
CoInitialize
oleaut32
SysFreeString
SysStringLen
msvcrt
mbstowcs
strcpy
strstr
_snprintf
strcmp
strcat
strlen
free
_initterm
_adjust_fdiv
memset
__CxxFrameHandler
_strlwr
malloc
netapi32
Netbios
wsock32
recv
send
setsockopt
WSACleanup
closesocket
connect
ioctlsocket
htons
socket
WSAStartup
inet_addr
gethostname
gethostbyname
Sections
.text Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ