2dab0e242779f3c3123294b03018323e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2dab0e242779f3c3123294b03018323e_JaffaCakes118
Size

228KB
MD5

2dab0e242779f3c3123294b03018323e
SHA1

1aa249ccf97152286dcc4e8829fbae9e16c077ae
SHA256

63c353eb7262c6c8611428c6ea0b700f426b903c3b527f4913d66c35b836c2f2
SHA512

c77663d61fae7b800ddb78bf302a1e2511af7f1e1ca0053c99dd77a88574d2e04e4cb55a808d3a57360cd9b46b9ba6c165f0676789863e7660d7c94f790f5d9e
SSDEEP

3072:nx6KYtdfNF7DEHAkZCtD/pkmgvJIKqEWzkCw4aFJUfNydk+55J0+NsCeO+e9bkhX:TEJOA7t9nKIGHua02nwhUkdD5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dab0e242779f3c3123294b03018323e_JaffaCakes118

Files

2dab0e242779f3c3123294b03018323e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dae18d9a76aa8a0671b1fe325d0ddec4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA

comctl32

ImageList_Remove
ImageList_DragShowNolock
ImageList_DrawEx

kernel32

GetProcAddress
ExitThread
GlobalDeleteAtom
lstrlenA
VirtualAllocEx
GetOEMCP
GetCommandLineA
CreateFileA
GetVersionExA
FindResourceA
VirtualQuery
VirtualAlloc
GetACP
GetModuleHandleA
lstrcpynA
CompareStringA
GetFileSize

user32

GetCursor
UnhookWindowsHookEx
IsWindowVisible
GetTopWindow
MessageBeep
GetFocus
CharLowerA
LoadBitmapA
RegisterClassA
ShowOwnedPopups
WindowFromPoint
DrawAnimatedRects
RegisterWindowMessageA
SetWindowPos
SetScrollInfo
SetScrollRange
MoveWindow
GetActiveWindow
MapVirtualKeyA
CharNextW
CharLowerBuffA
CallWindowProcA
ClientToScreen
GetKeyboardState

comdlg32

GetSaveFileNameA

gdi32

GetPixel
CreateBrushIndirect

shell32

SHGetSpecialFolderLocation
SHGetFolderPathA

ole32

CoCreateInstanceEx
CoUninitialize
OleRun
CoCreateFreeThreadedMarshaler
StgCreateDocfileOnILockBytes
CreateOleAdviseHolder
OleRegGetUserType

Sections

CODE
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 185KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 990B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae18d9a76aa8a0671b1fe325d0ddec4

Headers

File Characteristics

Imports

version

comctl32

kernel32

user32

comdlg32

gdi32

shell32

ole32

Sections

CODE Size: 35KB - Virtual size: 34KB

.tls Size: 185KB - Virtual size: 312KB

.rdata Size: 3KB - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 990B

CODE
Size: 35KB - Virtual size: 34KB

.tls
Size: 185KB - Virtual size: 312KB

.rdata
Size: 3KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 990B