f7be803871dc923993fac10229019a55_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f7be803871dc923993fac10229019a55_JaffaCakes118
Size

152KB
MD5

f7be803871dc923993fac10229019a55
SHA1

f90a31656dd09da1ab651d94f8a0c487cfe14fc5
SHA256

41c597c635ea7375147590e68969720a690a355828f6aac74810aa8e290e76b9
SHA512

6878bd92ae5fc4c643e433cf45b02b2216ab1327966882ef6697909d102d134b297f476f5e401c3aac9f102f6f4ff1a48b0da1014edc0e1d36597adb10bedc3e
SSDEEP

3072:7gE1fmfJlufsQtydV+n2SbL0Zap8OVAgRDuF9CHJRUT:7wfJlusQW+n2Sn0Zg8ngRDTH7UT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7be803871dc923993fac10229019a55_JaffaCakes118

Files

f7be803871dc923993fac10229019a55_JaffaCakes118
.dll windows:4 windows x86 arch:x86

01e22600619a01a6e071029d04e2f5bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
LoadLibraryA
InterlockedCompareExchange
GetCurrentProcess
ExitProcess
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetComputerNameA
GlobalFree
CreateFileA
GetProcAddress
WriteFile
ReadProcessMemory
OpenFileMappingA
InterlockedIncrement
LocalFree
MapViewOfFile
CreateDirectoryA
CreateEventA
GetModuleHandleA
TerminateProcess
GetTickCount
CreateProcessA
HeapAlloc
GetCommandLineA
GetLastError
GetModuleFileNameA
OpenEventA
Sleep
CreateFileMappingA
InterlockedDecrement
GlobalAlloc
UnmapViewOfFile
CopyFileA
HeapFree
SetLastError
WaitForSingleObject
GetProcessHeap
GetVolumeInformationA

ole32

CoCreateInstance
OleCreate
CoUninitialize
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateGuid
CoInitialize
OleSetContainedObject

user32

SetWindowLongA
GetWindowThreadProcessId
SetWindowsHookExA
ScreenToClient
RegisterWindowMessageA
ClientToScreen
PostQuitMessage
PeekMessageA
GetSystemMetrics
CreateWindowExA
GetCursorPos
DestroyWindow
SetTimer
TranslateMessage
SendMessageA
GetMessageA
DispatchMessageA
GetClassNameA
GetWindowLongA
DefWindowProcA
KillTimer
GetParent
GetWindow
UnhookWindowsHookEx
FindWindowA

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

GetUserNameA
RegDeleteKeyA
DuplicateTokenEx
RegSetValueExA
SetTokenInformation
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
RegOpenKeyExA
RegDeleteValueA

shell32

SHGetFolderPathA

Exports

Exports

msEventServices

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lxsvij
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01e22600619a01a6e071029d04e2f5bd

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 988B

lxsvij Size: 4KB - Virtual size: 8B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 988B

lxsvij
Size: 4KB - Virtual size: 8B

.reloc
Size: 8KB - Virtual size: 6KB