2b196d9a9130f990a5afddb8397d7802_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b196d9a9130f990a5afddb8397d7802_JaffaCakes118
Size

152KB
MD5

2b196d9a9130f990a5afddb8397d7802
SHA1

76abdcc44e3d990869f5059523b172df75cd7472
SHA256

97ec7f2faa1e98885349eb1f0f4a2f8a5d02170b95d389d96631cb613b173186
SHA512

675265232a01a7255334f8d2a4a22789c3d7101a0231caa67d9016e8b2c53681961d0c65ebcf3449393765de9311dfc2b6a4eea3b1b21e23132224bb4d74e1bb
SSDEEP

3072:FV4apkjz2v1BtcdXlfbFe+17Ts1v/9n9b:v4mvjtcTfbFe+w1fb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b196d9a9130f990a5afddb8397d7802_JaffaCakes118

Files

2b196d9a9130f990a5afddb8397d7802_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4e146bf50080fa67e5103c08261d7794

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateMutexW
WriteFile
ReadProcessMemory
GetModuleHandleA
CreateProcessA
TerminateProcess
OpenFileMappingA
SetLastError
GetVolumeInformationA
InterlockedCompareExchange
CreateFileA
GetModuleFileNameA
Sleep
MapViewOfFile
CreateDirectoryA
HeapAlloc
GetLastError
GetProcessHeap
InterlockedDecrement
OpenEventA
WaitForSingleObject
GlobalFree
GetComputerNameA
LocalFree
GetCommandLineA
GlobalAlloc
CloseHandle
GetProcAddress
ExitProcess
CopyFileA
EnterCriticalSection
GetCurrentProcess
WriteProcessMemory
GetTickCount
CreateFileMappingA
CreateEventA
LeaveCriticalSection
HeapFree
UnmapViewOfFile
InterlockedIncrement
LoadLibraryA

ole32

CoSetProxyBlanket
CoCreateGuid
CoInitialize
CoUninitialize
OleSetContainedObject
OleCreate
CoTaskMemAlloc
CoCreateInstance

user32

UnhookWindowsHookEx
SendMessageA
GetCursorPos
DestroyWindow
ClientToScreen
GetSystemMetrics
TranslateMessage
PostQuitMessage
SetWindowsHookExA
SetTimer
SetWindowLongA
DispatchMessageA
GetWindow
GetWindowThreadProcessId
PeekMessageA
KillTimer
CreateWindowExA
GetWindowLongA
GetMessageA
GetParent
ScreenToClient
DefWindowProcA
FindWindowA
RegisterWindowMessageA
GetClassNameA

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegDeleteKeyA
RegQueryValueExA
RegCloseKey
SetTokenInformation
DuplicateTokenEx
GetUserNameA
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA

shell32

SHGetFolderPathA

Exports

Exports

BthHelpTask

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 969B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e146bf50080fa67e5103c08261d7794

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 969B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 969B

.reloc
Size: 8KB - Virtual size: 6KB