1a8e5b3fd097c08d949641aac205b9fb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1a8e5b3fd097c08d949641aac205b9fb_JaffaCakes118
Size

118KB
MD5

1a8e5b3fd097c08d949641aac205b9fb
SHA1

d0c078108e67365574d19fdc38dab6fe4eac4d45
SHA256

bc6377698ade84095d54725787ca7f01cae7c972b48001bc94996e701b41487e
SHA512

698cd7428d8ff24694e4b463af7c3e691358bbb0b1932db1d6122e74a2e9e2493e5fe12938c0993e8e8d2f10216ba5a00538336ffa9c185186c52c5a692b0cdd
SSDEEP

3072:6F2HUz3nTlQheb6OtrUvTn8DZ1skkaHIJsjBWn6ikY8:1c3nTiUbTQvTzFOFij

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a8e5b3fd097c08d949641aac205b9fb_JaffaCakes118

Files

1a8e5b3fd097c08d949641aac205b9fb_JaffaCakes118
.dll windows:6 windows x86 arch:x86

6c3887a98a688cbc825bd5332ba6b14e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
WinExec
OpenProcess
WideCharToMultiByte
WriteFile
CreateFileW
GetFileAttributesW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
TerminateProcess
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
MultiByteToWideChar
InitializeCriticalSectionEx
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetFileType
GetStdHandle
LCMapStringW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
LocalFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
RtlUnwind
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapSize
HeapReAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

wsprintfW

advapi32

RegOpenKeyExA
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance

oleaut32

VariantInit
SysFreeString
VariantClear
SysAllocString

shlwapi

PathIsDirectoryEmptyW

pgort140

IrtClientAbort
IrtInitDiffBuffer
IrtTearDownDiffBuffer
IrtPogoInit
IrtSetStaticInfo
IrtAutoSweepW
IrtAutoSweepA

Exports

Exports

ckcr
ckmz
ckop
jrefvwevbe
pkill
sendc
swvervwerbv

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c3887a98a688cbc825bd5332ba6b14e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

pgort140

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 2KB - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 2KB - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 4KB