0f00b8e4a66cb10f54da15b2231917cf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0f00b8e4a66cb10f54da15b2231917cf_JaffaCakes118
Size

133KB
MD5

0f00b8e4a66cb10f54da15b2231917cf
SHA1

91644ab0712992efa6f4d715d6a4ff898bf376ca
SHA256

c06f8dbed7ec3cde0dd604cc3669eb18b5521e30e02f3dfb48030b4a3aeb260e
SHA512

3a9f3cd571e3ad0f31bbdbda6192316850a439d3b7c2a85c707ec3b460d5095fa9c64dbf668f023c737fd84d162aca9ed5b35516c18bc7dbc6eed58e64bcb7e7
SSDEEP

3072:0aUFZXVAcR4enPgACthb935g2elsMqqDLy/p5kS:0aEYcR4ePuhxJAqqDLuh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f00b8e4a66cb10f54da15b2231917cf_JaffaCakes118

Files

0f00b8e4a66cb10f54da15b2231917cf_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7dbb16bfb34a36a27c32bcc82ccccf49

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemWindowsDirectoryW
CreateMutexW
ProcessIdToSessionId
lstrlenW
WideCharToMultiByte
GetModuleHandleW
ResetEvent
GlobalAlloc
DnsHostnameToComputerNameW
GetTempFileNameW
GetTempPathW
GetFileSize
InterlockedDecrement
HeapDestroy
HeapCreate
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetSystemInfo
CreateFileMappingW
CreateEventW
CreateThread
SetEvent
LoadLibraryExW
CloseHandle
GetCurrentProcessId
CreateProcessW
lstrcmpW
LocalFree
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
HeapReAlloc
GetCPInfo
GetOEMCP
GetACP
HeapAlloc
GetLocaleInfoA
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
InterlockedCompareExchange
ReleaseMutex
WaitForSingleObject
GetTickCount
GetVersionExW
LoadLibraryA
VirtualAlloc
VirtualFree
CreateFileW
LocalAlloc
GetCommandLineA
WriteFile
VirtualProtect
GetEnvironmentStringsW
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapFree
GetModuleFileNameA
GetStartupInfoA
RtlUnwind
GetVersionExA
InterlockedExchange
VirtualQuery
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType

user32

PostMessageW
GetWindow
GetLastActivePopup
EnableWindow
TranslateMessage
DispatchMessageW
PeekMessageW
SetForegroundWindow
SetFocus
FindWindowW
GetUserObjectInformationW
GetProcessWindowStation
LoadStringW
GetMessageW
SendNotifyMessageW
MessageBoxW
MsgWaitForMultipleObjects

advapi32

RegisterEventSourceW
RegCreateKeyExW
RegDeleteValueW
DeregisterEventSource
ReportEventW
RegCloseKey
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW

gdi32

DeleteDC
GetDeviceCaps
CreateDCW

rpcrt4

NdrClientCall2
RpcMgmtIsServerListening
RpcStringFreeW
RpcSmDestroyClientContext
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dbb16bfb34a36a27c32bcc82ccccf49

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

rpcrt4

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 4KB