1b500a24e35e6f865c0a3fdfec501952_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b500a24e35e6f865c0a3fdfec501952_JaffaCakes118
Size

80KB
MD5

1b500a24e35e6f865c0a3fdfec501952
SHA1

b0e3b2ac68ef8b8e67a99e58dc899188c12b1283
SHA256

d38e88961cc4293868f5e386f4c9f2a920ac25867422caa5d96b63d8f42685dd
SHA512

8d58909def94c6f4feae402d52641e22c41dc5841b808ea97b64a88a1b1556c3ce7a2212a4c416198f043ca90e83f9317568f3ecfe4d0415fff8b7434f0b36fe
SSDEEP

1536:ORmAD4t/V1I6kVd7cLTSsV5mOKn1bU1o0w78vwT5FvhjGX:yEhLI6kVW3dV5G2q78vwT5Fv5G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b500a24e35e6f865c0a3fdfec501952_JaffaCakes118

Files

1b500a24e35e6f865c0a3fdfec501952_JaffaCakes118
.dll windows:4 windows x86 arch:x86

56f06c1f8e177ad20fafc186d0953e15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextChangeNotification
CreateFileMappingW
GetDateFormatA
GlobalAlloc
DeleteTimerQueueEx
ReadConsoleW
GetThreadContext
CompareStringA
SetCurrentDirectoryW
CreateToolhelp32Snapshot
CreateActCtxW
lstrcmpW
VerifyVersionInfoA
MoveFileA
AreFileApisANSI
GetEnvironmentVariableW
GetStartupInfoW
CreateNamedPipeA
FindResourceExW
ReadConsoleInputW
SearchPathA
CreateWaitableTimerW
GetStringTypeW
GetLogicalDriveStringsA
ConvertDefaultLocale
FindNextVolumeMountPointW
OpenProcess
OpenMutexW
FindActCtxSectionStringW
ReadConsoleA
FindResourceA
lstrcmpA
lstrcmpiA
GetProfileIntW
QueueUserWorkItem
GlobalFlags
FindResourceW
GetTempFileNameW
LocalFree
InitializeCriticalSectionAndSpinCount
LoadLibraryA
VirtualProtect
GetModuleHandleA
GetCommandLineA
lstrlenA
CreateMutexA
WriteFile
CreateProcessA
InterlockedExchange
InterlockedIncrement
CreateFileA
lstrlenW
SetLastError
LeaveCriticalSection
GetProcAddress
GetProcessHeap
ReadFileEx
InterlockedCompareExchange

shlwapi

PathUnquoteSpacesW
AssocQueryStringW
SHCreateStreamOnFileW
PathBuildRootW
StrCmpIW
SHRegSetPathW
SHSetValueW
SHDeleteKeyW
UrlIsW
PathIsNetworkPathW
StrDupW
PathAddBackslashA
PathCanonicalizeW
SHAutoComplete
PathIsUNCW
SHDeleteValueW
PathGetCharTypeW

gdi32

SetPixelV
CreateDCW
SetLayout
ModifyWorldTransform
Pie
GetTextAlign
GetMetaFileBitsEx
GetPixelFormat
GetObjectType
GetWindowExtEx
CreateRoundRectRgn
GetTextMetricsW
SetViewportExtEx
CreateHatchBrush
GetGlyphOutlineA
CreateBrushIndirect
ExtTextOutW
GetSystemPaletteUse
StrokeAndFillPath

Exports

Exports

acxHelpclass

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56f06c1f8e177ad20fafc186d0953e15

Headers

File Characteristics

Imports

kernel32

shlwapi

gdi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB