17da8b048f2b9c75276450f8bb78c876_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

17da8b048f2b9c75276450f8bb78c876_JaffaCakes118
Size

152KB
MD5

17da8b048f2b9c75276450f8bb78c876
SHA1

517e702cf0356482512f03ea5e90e9bc76ba9691
SHA256

273a2e0c16662e5f137ed54771bd14ab0658634777c401a04558307694099a62
SHA512

99adb504b586a2c5670ed57b22d3e9350b57ba681ba4668ecdb5d71ff431f0e2eaf1b1bf787c7011fa29a71ea1721bbbcafb1215dd4ab1dcc2a9d5c05b883004
SSDEEP

3072:z8GVkmQUGx4PNR0LGi87knVVv0NtbQIwGZcpffInKfL+zvh4Vm:zBDRW1ahQzGZufAKEOV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17da8b048f2b9c75276450f8bb78c876_JaffaCakes118

Files

17da8b048f2b9c75276450f8bb78c876_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e18342de8b5ad0e292ddadc65e3e6aa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
LoadLibraryA
CloseHandle
HeapAlloc
CopyFileA
UnmapViewOfFile
GetCurrentProcess
GetProcAddress
HeapFree
GetCommandLineA
MapViewOfFile
CreateDirectoryA
GlobalFree
GetTickCount
GetComputerNameA
OpenEventA
Sleep
GetLastError
InterlockedIncrement
TerminateProcess
OpenFileMappingA
GlobalAlloc
GetProcessHeap
CreateFileMappingA
CreateMutexW
WaitForSingleObject
ReadProcessMemory
CreateFileA
WriteFile
SetLastError
InterlockedCompareExchange
InterlockedDecrement
LocalFree
CreateEventA
ExitProcess
EnterCriticalSection
GetModuleHandleA
WriteProcessMemory
GetVolumeInformationA
CreateProcessA
GetModuleFileNameA

ole32

CoSetProxyBlanket
CoCreateGuid
OleCreate
OleSetContainedObject
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize

user32

UnhookWindowsHookEx
SetWindowLongA
CreateWindowExA
DefWindowProcA
DispatchMessageA
PeekMessageA
KillTimer
ClientToScreen
RegisterWindowMessageA
FindWindowA
SetTimer
SendMessageA
DestroyWindow
GetMessageA
GetCursorPos
TranslateMessage
GetWindowThreadProcessId
ScreenToClient
GetParent
PostQuitMessage
GetWindowLongA
GetSystemMetrics
GetClassNameA
GetWindow
SetWindowsHookExA

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
SysStringLen

shlwapi

StrStrIW
UrlUnescapeW

advapi32

SetTokenInformation
RegOpenKeyExA
OpenProcessToken
RegSetValueExA
RegDeleteValueA
GetUserNameA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
DuplicateTokenEx
RegDeleteKeyA

shell32

SHGetFolderPathA

Exports

Exports

HpobjCmds

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1001B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e18342de8b5ad0e292ddadc65e3e6aa8

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 1001B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 1001B

.reloc
Size: 8KB - Virtual size: 6KB