149f534faa541ebc2697b512cfbf27ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

149f534faa541ebc2697b512cfbf27ed_JaffaCakes118
Size

341KB
MD5

149f534faa541ebc2697b512cfbf27ed
SHA1

2ba6c732d1c84014736db358804a9fe3cf271133
SHA256

b49f991212600446d053ffe869a860f2ab9a6f89887ef2f684a6124187a98c07
SHA512

65abbbbb4d43c4bec288f052fe6783f5db19ffbba747d3ad6ccc7a1df37b3fc34d0eeb477fd2ebb55d11d14d26d66f2384cd7704bf5e0ad13eff9679049a54b6
SSDEEP

6144:kT2JRyrQ2wzZvmIxI4cj4ev6EUHgIe67vhwLCk2CzrTnFpVzcnJVUoiW:kbQ2uvmI83Ik2CpzcnJVUoiW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
149f534faa541ebc2697b512cfbf27ed_JaffaCakes118

Files

149f534faa541ebc2697b512cfbf27ed_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c4ead47c74da8d3f2491172261f3ceab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
TerminateProcess
WideCharToMultiByte
lstrlenW
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSection
GetProcAddress
GetModuleHandleA
FreeResource
GlobalFree
GlobalHandle
lstrlenA
lstrcmpiW
FlushInstructionCache
GetCurrentProcess
lstrcpynA
GlobalAlloc
GlobalUnlock
GlobalLock
InterlockedIncrement
lstrcmpA
InterlockedDecrement
SetEnvironmentVariableA
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
SetFilePointer
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
FindResourceA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
GetFileAttributesA
WriteFile
GetLastError
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
HeapSize
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
HeapReAlloc
GetVersion
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
CloseHandle
LoadResource
LockResource
GetWindowsDirectoryA
GetSystemDirectoryA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
GetTempPathA
DeleteFileA
GetModuleFileNameA
CreateFileA
GetFileSize
ReadFile
GetStringTypeA
InterlockedExchange
Sleep
GetLocaleInfoW

user32

SetWindowLongA
DestroyWindow
LoadStringA
LoadIconA
DestroyIcon
DialogBoxIndirectParamA
GetActiveWindow
EndDialog
GetParent
GetClientRect
GetWindowRect
GetDlgItem
SendMessageA
LoadImageA
CreateWindowExA
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
GetClassNameA
GetFocus
IsChild
SetFocus
GetDC
GetSystemMetrics
BeginPaint
FillRect
EndPaint
CallWindowProcA
GetSysColor
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
ReleaseDC
DefWindowProcA
GetClassInfoExA
LoadCursorA
RegisterClassExA
GetWindowLongA
GetWindow
SystemParametersInfoA
MapWindowPoints
SetWindowPos
MoveWindow
ShowWindow
GetCursorPos
IsIconic
IsWindowVisible
GetLastActivePopup
SetForegroundWindow
wsprintfA
FindWindowA
PostMessageA
RegisterWindowMessageA
IsWindow

gdi32

GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteDC
BitBlt

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
ShellExecuteA

ole32

OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
DispCallFunc
OleCreateFontIndirect
LoadRegTypeLi
SysStringLen
VariantInit
VariantCopyInd
VariantChangeType
VariantClear

Exports

Exports

CPlApplet

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4ead47c74da8d3f2491172261f3ceab

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 20KB - Virtual size: 23KB

.rsrc Size: 132KB - Virtual size: 131KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 20KB - Virtual size: 23KB

.rsrc
Size: 132KB - Virtual size: 131KB

.reloc
Size: 16KB - Virtual size: 14KB