2e2790a87ac9e2ef9583e36609308b68_JaffaCakes118

General

Target

2e2790a87ac9e2ef9583e36609308b68_JaffaCakes118
Size

32KB
MD5

2e2790a87ac9e2ef9583e36609308b68
SHA1

c224bfe9c920bb1eb0b7ccbef019ddc2549cd200
SHA256

6d9c031f7e1bbf8cba5575d6c5b9ad8fb3861a115043cc07651e1be4a1beb484
SHA512

e3f09a828b8b4825d0bc1e5d3266d1949ae908c6d3e06f842e1fd52432498ffe8764399f92d2e5c2b911e7bf57cd0a05fd8a1b6bc8d0a37ac7b0d4d73d03971e
SSDEEP

384:lQHejeETXLLxJ507mlvZysfqy7XJxo9Dp4jB+k/:ljeETXvR0WRi8XJxo9Dp4jB+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e2790a87ac9e2ef9583e36609308b68_JaffaCakes118

Files

2e2790a87ac9e2ef9583e36609308b68_JaffaCakes118
.dll windows:4 windows x86 arch:x86

954ea2e32339a1a0b582a7f0848202e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetStringTypeW
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
GetModuleHandleA
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind

user32

UnhookWindowsHookEx
SetWindowsHookExA
DialogBoxParamA
EndDialog
GetParent
GetDesktopWindow
GetWindowRect
CopyRect
OffsetRect
SetWindowPos
SetDlgItemTextA
GetDlgCtrlID
GetDlgItem
SetFocus

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA

Exports

Exports

BagaHooku
ScoateHooku

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

954ea2e32339a1a0b582a7f0848202e2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB