3117689863bbf4a6ad815d6f9c857a84_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3117689863bbf4a6ad815d6f9c857a84_JaffaCakes118
Size

144KB
MD5

3117689863bbf4a6ad815d6f9c857a84
SHA1

eff18d910bfc6d765d2b7ad248b79a96be72dde0
SHA256

5a73e1a1530c9fe7bfbeefb358669154f555e61bac70d89fd32327fccf5c2e7a
SHA512

2802ab392e4d0736497a44d810abb3d0a5f2a09874a68f68309921ae00b2f62bb724c155fc1f788330eccc20e5204233832d5ffbaba50819521aeb6c806679f2
SSDEEP

3072:HouWuAjgRntGkNjMl10migdB9TyrmQuOVJxecnC46:ISAjgRtTMsmtT1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3117689863bbf4a6ad815d6f9c857a84_JaffaCakes118

Files

3117689863bbf4a6ad815d6f9c857a84_JaffaCakes118
.dll windows:4 windows x86 arch:x86

69b0ff5be191072cf5becc6d15be6bdc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileMappingA
GetProcAddress
EnterCriticalSection
CreateDirectoryA
GetLastError
GetComputerNameA
TerminateProcess
InterlockedIncrement
GlobalAlloc
GetProcessHeap
CreateMutexW
GetVolumeInformationA
SetLastError
CreateProcessA
WriteFile
LeaveCriticalSection
GetCommandLineA
InterlockedDecrement
HeapAlloc
GetModuleFileNameA
WaitForSingleObject
ReadProcessMemory
CreateEventA
MapViewOfFile
HeapFree
GlobalFree
LocalFree
OpenFileMappingA
UnmapViewOfFile
GetTickCount
CreateFileA
OpenEventA
Sleep
LoadLibraryA
CloseHandle
ExitProcess
WriteProcessMemory
InterlockedCompareExchange
GetModuleHandleA
CopyFileA
GetCurrentProcess

ole32

CoTaskMemAlloc
CoUninitialize
OleCreate
CoCreateGuid
CoSetProxyBlanket
CoInitialize
OleSetContainedObject
CoCreateInstance

user32

PostQuitMessage
FindWindowA
SetTimer
ScreenToClient
GetWindow
SetWindowLongA
PeekMessageA
RegisterWindowMessageA
CreateWindowExA
GetClassNameA
SetWindowsHookExA
UnhookWindowsHookEx
SendMessageA
TranslateMessage
DestroyWindow
ClientToScreen
DefWindowProcA
GetWindowLongA
KillTimer
GetMessageA
GetCursorPos
GetParent
DispatchMessageA
GetSystemMetrics
GetWindowThreadProcessId

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen

shlwapi

UrlUnescapeW
StrStrIW

advapi32

GetUserNameA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
DuplicateTokenEx
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
SetTokenInformation
RegSetValueExA
OpenProcessToken

shell32

SHGetFolderPathA

Exports

Exports

usbUserdb

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bebhy
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69b0ff5be191072cf5becc6d15be6bdc

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 968B

bebhy Size: 4KB - Virtual size: 8B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 968B

bebhy
Size: 4KB - Virtual size: 8B

.reloc
Size: 8KB - Virtual size: 6KB