070b3ed3e0baf83a21521ee673815e54_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

070b3ed3e0baf83a21521ee673815e54_JaffaCakes118
Size

220KB
MD5

070b3ed3e0baf83a21521ee673815e54
SHA1

cf42b9b9c7f4aaed8b7be09d42431e2b06b1b0a2
SHA256

2b30f0ca39526b6b79099142a5bf77595ee8efaf89629d9028b95ec627e5c336
SHA512

e8122771c2964f261d59be9c2255b1c008d6d9eaa11ebb7deb32edbb29c7f39b647c4dadb8472dd8ccc6f81f8a735cedd2254b941bc81816ff2d8eff1af73377
SSDEEP

6144:SYGj6rxBxLAwhOE4XYYIjnw0GwlxTyqJO:MjCxBxlhwUTTPk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
070b3ed3e0baf83a21521ee673815e54_JaffaCakes118

Files

070b3ed3e0baf83a21521ee673815e54_JaffaCakes118
.dll windows:4 windows x86 arch:x86

35b6938edb1e658a7628351d2ff3451b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
lstrcmpiA
WinExec
lstrcatA
GetLastError
CreateProcessA
lstrlenA
GetModuleFileNameA
GetProfileStringA
WriteProfileStringA
FindFirstFileA
GetDiskFreeSpaceA
FindClose
FindNextFileA
_lclose
_lread
_lopen
GetProcAddress
LoadLibraryA
SetErrorMode
_llseek
TlsSetValue
GetCurrentThreadId
SetFilePointer
SetStdHandle
CloseHandle
FlushFileBuffers
GetLocaleInfoW
GetLocaleInfoA
VirtualAlloc
GetStringTypeW
GetStringTypeA
HeapAlloc
HeapFree
WriteFile
GetEnvironmentStringsW
GetCommandLineA
GetModuleHandleA
GetVersion
InitializeCriticalSection
lstrcpyA
EnterCriticalSection
LeaveCriticalSection
ExitProcess
MultiByteToWideChar
LCMapStringA
WideCharToMultiByte
LCMapStringW
TerminateProcess
GetCurrentProcess
FreeEnvironmentStringsW
SetHandleCount
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
GetCPInfo
GetFileType
GetStdHandle
GetStartupInfoA
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

PeekMessageA
PostQuitMessage
GetActiveWindow
GetWindowLongA
wsprintfA
LoadStringA
SetTimer
GetMessageA
DispatchMessageA
KillTimer
EnumChildWindows
GetWindowThreadProcessId
EnumThreadWindows
GetClassNameA
EnumWindows
GetWindowTextA
MessageBoxA
SetWindowPos
ShowWindow

comdlg32

GetOpenFileNameA

Exports

Exports

AOLDBExtract
AOLGetScreenName
AOLGetVersion
AOLGoTo
AOLHide
AOLInstall
AOLIsInstalled
AOLIsInstalledAndRegistered
AOLIsOnline
AOLIsRegistered
AOLIsRunning
AOLLaunch
AOLSignOff
DllMain

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35b6938edb1e658a7628351d2ff3451b

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 9KB - Virtual size: 13KB

.idata Size: 170KB - Virtual size: 170KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 9KB - Virtual size: 13KB

.idata
Size: 170KB - Virtual size: 170KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB