1508cb13c3523bfea61d94fc617fa37b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1508cb13c3523bfea61d94fc617fa37b_JaffaCakes118
Size

148KB
MD5

1508cb13c3523bfea61d94fc617fa37b
SHA1

af5098a8ad41042bd92cc6b3d41995b98f400735
SHA256

5a0c9b6e938e991e51f0ca43f22ed15b0c693544f313b7c77e6edc7983dfc005
SHA512

ccaf46a78c00d30e051ab799b0aae03ea106879c528bccd0ab7ff09866b0bcf4adb4a9f3d79408c6e495a2f9ed7ec0f127bc632ebc1ddcff3c0081dc4aac707f
SSDEEP

3072:i/rkWIBK1Xqs/bGboySYb+XFdyDEdwoqLDBVrGLdimkNIAyG2:DCzG7xbqEEdwvLDBRG4i1G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1508cb13c3523bfea61d94fc617fa37b_JaffaCakes118

Files

1508cb13c3523bfea61d94fc617fa37b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

246d6dcdad5c7e696871693508d23526

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
GetTickCount
UnmapViewOfFile
OpenFileMappingA
GlobalFree
EnterCriticalSection
InterlockedDecrement
SetLastError
GlobalAlloc
CreateProcessA
GetModuleFileNameA
InterlockedIncrement
GetProcessHeap
CreateFileA
GetCurrentProcess
ReadProcessMemory
CreateEventA
WriteFile
LoadLibraryA
OpenEventA
Sleep
GetComputerNameA
CreateMutexW
GetLastError
WaitForSingleObject
HeapFree
ExitProcess
GetModuleHandleA
CreateDirectoryA
GetProcAddress
LeaveCriticalSection
HeapAlloc
CopyFileA
WriteProcessMemory
CloseHandle
TerminateProcess
GetCommandLineA
CreateFileMappingA
InterlockedCompareExchange
MapViewOfFile
GetVolumeInformationA

ole32

CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitialize
OleCreate
OleSetContainedObject
CoSetProxyBlanket

user32

PostQuitMessage
UnhookWindowsHookEx
GetWindowThreadProcessId
GetCursorPos
RegisterWindowMessageA
SetTimer
DestroyWindow
KillTimer
CreateWindowExA
GetClassNameA
ClientToScreen
DefWindowProcA
GetWindowLongA
GetSystemMetrics
SetWindowLongA
FindWindowA
GetParent
TranslateMessage
GetWindow
SetWindowsHookExA
ScreenToClient
PeekMessageA
SendMessageA
GetMessageA
DispatchMessageA

oleaut32

SysStringLen
SysAllocString
SysFreeString
SysAllocStringLen

shlwapi

UrlUnescapeW
StrStrIW

advapi32

SetTokenInformation
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
OpenProcessToken
RegDeleteValueA
GetUserNameA
RegQueryValueExA
DuplicateTokenEx

shell32

SHGetFolderPathA

Exports

Exports

nsCommslog

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

246d6dcdad5c7e696871693508d23526

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1024B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1024B

.reloc
Size: 8KB - Virtual size: 6KB