067ea879148f30880f890f20d07a00ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

067ea879148f30880f890f20d07a00ef_JaffaCakes118
Size

124KB
MD5

067ea879148f30880f890f20d07a00ef
SHA1

fd60f2590647836b288d01a7039e0320672e821c
SHA256

203a3a04504c0fcf09a4ba14ae79214d696cd6cf32d5453278a460334d292437
SHA512

61455de0f23384129510cb51e2c2b615af2169bf85cb6afb70961b6d860143ffa0579a1cdc8a687545247fbffe8ec2c45d3b7b4ee7ba4185af45431f7d686b15
SSDEEP

1536:GL8pwaDNNYKjQNk3lQiWaZeRb0gDp5NzWG0l8yw4X/AEEVt0LLwkiBhNMaVoAZo:sKNyiWhbx3Ny7LI50vIhSaqAZo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
067ea879148f30880f890f20d07a00ef_JaffaCakes118

Files

067ea879148f30880f890f20d07a00ef_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f7e95ecd6fc062033477f9a41c7da384

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetComputerNameA
CreateFileMappingA
GetModuleHandleA
InterlockedIncrement
SetLastError
WriteFile
CreateProcessA
Sleep
LocalFree
MapViewOfFile
GetLastError
CloseHandle
OpenEventA
CreateDirectoryA
lstrlenW
LoadLibraryA
GetCurrentProcessId
ExitProcess
CreateMutexA
UnmapViewOfFile
HeapFree
lstrlenA
GetCommandLineA
WaitForSingleObject
InterlockedCompareExchange
CopyFileA
CreateFileA
CreateEventA
ReleaseMutex
LeaveCriticalSection
GetVolumeInformationA
GetProcessHeap
InterlockedDecrement
HeapAlloc
EnterCriticalSection
GetTickCount
GetProcAddress
GetModuleFileNameA

ole32

CoInitialize
OleSetContainedObject
OleCreate
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CreateBindCtx

user32

SetWindowsHookExA
UnhookWindowsHookEx
DefWindowProcA
PostQuitMessage
PostMessageA
KillTimer
SendMessageA
SetTimer
GetWindowLongA
SetWindowLongA
RegisterWindowMessageA
TranslateMessage
GetClassNameA
GetMessageA
GetParent
CreateWindowExA
GetSystemMetrics
DispatchMessageA
FindWindowA
DestroyWindow
GetWindowThreadProcessId

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegDeleteValueA
RegOpenKeyExA

shell32

SHGetFolderPathA

Exports

Exports

isaCommscdrom

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7e95ecd6fc062033477f9a41c7da384

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 2KB