543299ae07fba1877bdbcb681b93b80b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

543299ae07fba1877bdbcb681b93b80b_JaffaCakes118
Size

22KB
MD5

543299ae07fba1877bdbcb681b93b80b
SHA1

fefc4ee9e8b6a89f8232557057fad288aa88d735
SHA256

7d9e66f7e5b67f8a04098744e37b0dfe0ab45538624cddcf33cd8423a07d8ce9
SHA512

0a12e12f036e1db5c49b53e2e7c41f6e38b167a046aabc693fb4fe0982ba8c70f5720278a01851c9e60db28418f05950c17fa7f1fa5092a0e305beed730a3580
SSDEEP

384:SRLN+FmF4JslUfwnd3yV9eudKZxSyF6Sq:SpN4mF7Ufw1c9bDSq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
543299ae07fba1877bdbcb681b93b80b_JaffaCakes118

Files

543299ae07fba1877bdbcb681b93b80b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dd4bb686cb9c59686831a46a6d6f1c34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_initterm
free
fseek
fread
strcat
memcpy
strchr
fopen
fclose
strncpy
rand
time
atoi
_getpid
_strlwr
_stricmp
strrchr
malloc
wcscmp
strstr
_beginthreadex
__CxxFrameHandler
abs
strcmp
strcpy
sprintf
memset
strlen
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetFileAttributesA
CopyFileA
GetModuleFileNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
WaitForSingleObject
GetFileSize
ExitProcess
GetModuleHandleA
VirtualProtect
GlobalAlloc
GlobalLock
CreateFileA
WriteFile
GlobalUnlock
GlobalFree
GetPrivateProfileStringA
GetCurrentDirectoryA
CreateThread
IsBadReadPtr
MultiByteToWideChar
GetSystemDirectoryA
Sleep
GetProcAddress
LoadLibraryA
CloseHandle

user32

RegisterWindowMessageA
GetClientRect
GetDC
CallWindowProcA
GetClassNameA
ReleaseDC
GetWindowRect
GetDesktopWindow
DeregisterShellHookWindow
SetWindowLongA
RegisterShellHookWindow
GetWindowTextA
GetParent
GetWindowThreadProcessId
EnumWindows

ws2_32

send
recv
socket
inet_addr
htons
connect
closesocket
gethostbyname
WSAStartup
inet_ntoa
WSACleanup

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
BitBlt
GetDIBits
RealizePalette
SelectPalette
GetStockObject
GetObjectA
DeleteDC
GetDeviceCaps
CreateDCA

gdiplus

GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFree
GdipAlloc
GdipCloneImage
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFile

Exports

Exports

KsCreateAllocator
KsCreatePin
KsCreateTopologyNode

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.muma
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd4bb686cb9c59686831a46a6d6f1c34

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

wininet

gdi32

gdiplus

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 640KB

.muma Size: 512B - Virtual size: 4B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 640KB

.muma
Size: 512B - Virtual size: 4B

.reloc
Size: 3KB - Virtual size: 2KB