C:\opt\hudson\jobs\AM-night\workspace\trunk\Program\bin\Release\swkbhk.pdb
Static task
static1
Behavioral task
behavioral1
Sample
44de1ca3795f070d54a5fdc4a0ac7acd_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
44de1ca3795f070d54a5fdc4a0ac7acd_JaffaCakes118.dll
Resource
win10v2004-20241007-en
General
Target: 44de1ca3795f070d54a5fdc4a0ac7acd_JaffaCakes118
Size: 200KB
MD5: 44de1ca3795f070d54a5fdc4a0ac7acd
SHA1: d5641ca1a2b871be6c50e1c620ccdd9371b21ea3
SHA256: 74f95dfd6f68c1a2593aee975350e4c2da90ad168af217e1aa33ef1ff00dfae2
SHA512: 90c2473f4a8e9707f192f4af3b2181a0bc51d2157b19e2372a117d051fbdc84245c6b7725d47c65b7c6cbc67f3b906887689f87201eaa9e048f1e21149e95093
SSDEEP: 3072:gVy+WOE9c/St/A5+Emfrcd2pwhkcMEtkSQOP5ZGT+xUiYsKKFL4BYzaQ:gV1WOu65+EnEHdOP54KxUJS94q
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 44de1ca3795f070d54a5fdc4a0ac7acd_JaffaCakes118
Files
44de1ca3795f070d54a5fdc4a0ac7acd_JaffaCakes118.dll windows:5 windows x86 arch:x86
e8d0c816b9deb0d0099514fab4e2d5d4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
imm32
ImmIsIME
ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext
ImmGetVirtualKey
kernel32
GetCurrentThreadId
OutputDebugStringA
GetLastError
CloseHandle
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
FreeLibrary
GetConsoleMode
GetConsoleCP
SetFilePointer
SetConsoleCtrlHandler
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
InterlockedCompareExchange
MultiByteToWideChar
RtlUnwind
RaiseException
HeapFree
GetCommandLineA
HeapAlloc
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThread
GetProcAddress
HeapCreate
HeapDestroy
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
GetModuleFileNameW
GetLocaleInfoW
FatalAppExitA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
FlushFileBuffers
user32
UnhookWindowsHookEx
SetWindowsHookExW
GetMessageTime
CallNextHookEx
GetKeyboardState
ToUnicode
PostMessageW
SetKeyboardState
GetGUIThreadInfo
keybd_event
GetKeyboardLayout
GetFocus
IsWindow
Exports
?InstallHook@@YAHPAUHWND__@@@Z
?ReleaseHook@@YAHXZ
Sections
.text Size: 159KB - Virtual size: 159KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
shdata Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ