2fa4e2f00fc56c91d18eed3f3930a81f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fa4e2f00fc56c91d18eed3f3930a81f_JaffaCakes118
Size

148KB
MD5

2fa4e2f00fc56c91d18eed3f3930a81f
SHA1

f886d3252ea8b577a4e6d094de4a3838d7abb644
SHA256

bce0cc94fbb0c68ff986d93444d17014a31542be7493a0008acfffd77320c64f
SHA512

af3727571ce00c2da2d0dc222c9081f2191321f0953dd7faa2b16a8fafd7e8dc2f170898e0c89e7daa74836d2fe28b89435c8f16d4c0ed030acf76f07e21482a
SSDEEP

3072:XPphQcizYMnE+tXfVDnUDarnmB9vYCUPQPf97eZwPH6ec:XfizjE2ZncgmB9vYCBiCPaB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fa4e2f00fc56c91d18eed3f3930a81f_JaffaCakes118

Files

2fa4e2f00fc56c91d18eed3f3930a81f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c650cc7d589e3840166c3f4508e8546f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
CreateProcessA
GlobalFree
GetModuleFileNameA
TerminateProcess
EnterCriticalSection
HeapAlloc
InterlockedCompareExchange
WriteProcessMemory
CreateFileMappingA
Sleep
CreateFileA
GetModuleHandleA
GetCommandLineA
ReadProcessMemory
MapViewOfFile
OpenEventA
GetProcessHeap
HeapFree
UnmapViewOfFile
WaitForSingleObject
GetTickCount
CreateEventA
CreateDirectoryA
OpenFileMappingA
GetProcAddress
CopyFileA
SetLastError
ExitProcess
GetComputerNameA
CloseHandle
WriteFile
InterlockedDecrement
InterlockedIncrement
CreateMutexW
GlobalAlloc
GetCurrentProcess
GetLastError
LocalFree
GetVolumeInformationA
LeaveCriticalSection

ole32

OleCreate
CoCreateInstance
CoInitialize
OleSetContainedObject
CoCreateGuid
CoSetProxyBlanket
CoTaskMemAlloc
CoUninitialize

user32

SetWindowLongA
GetMessageA
PostQuitMessage
TranslateMessage
GetWindow
SendMessageA
KillTimer
SetTimer
GetCursorPos
SetWindowsHookExA
GetClassNameA
RegisterWindowMessageA
DestroyWindow
ScreenToClient
DispatchMessageA
UnhookWindowsHookEx
ClientToScreen
FindWindowA
DefWindowProcA
CreateWindowExA
GetParent
GetSystemMetrics
PeekMessageA
GetWindowThreadProcessId
GetWindowLongA

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegDeleteKeyA
GetUserNameA
RegCreateKeyExA
SetTokenInformation
RegQueryValueExA
OpenProcessToken
DuplicateTokenEx
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA

shell32

SHGetFolderPathA

Exports

Exports

appMaindlg

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c650cc7d589e3840166c3f4508e8546f

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 944B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 944B

.reloc
Size: 8KB - Virtual size: 6KB