35daf1242490bd8fa6aa9df41d526bce_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

35daf1242490bd8fa6aa9df41d526bce_JaffaCakes118
Size

62KB
MD5

35daf1242490bd8fa6aa9df41d526bce
SHA1

a0c3d8f2b6c80ebe285191a771b4509ed98041e6
SHA256

0c8ca23f2466ae7ba96caa0697eed4d3c569baeeb353b687c4547f5d4b715cd9
SHA512

0c4603515195f6dfa4dad2977a4d4393da941ea863055b1ac4dee9bdff661d6caaeaa0874cf88a1d5ba5883adb4d1f036d40feaf1861dab56ab1ed34ceb81196
SSDEEP

768:jTEgFjmlF191AtnDFVDvu+aB1ZdgyMkaNVZWLe6UAiOyVEODYNhFseYdqXba38T9:/4p91wD3ru+aB1ZdFM9Nb56kPDEsIu3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35daf1242490bd8fa6aa9df41d526bce_JaffaCakes118

Files

35daf1242490bd8fa6aa9df41d526bce_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a9181fba4d162414d0e52a059f980651

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
ExitProcess
Sleep
GetVersion
CreateProcessA
CloseHandle
WriteFile
CreateFileA
lstrcpynA
CreateEventA
GetVersionExA
lstrcmpA
VirtualAlloc
VirtualFree
lstrcmpiA
FreeLibrary
LoadLibraryA
GetSystemDirectoryA
GetSystemTime
MoveFileA
GetCurrentThreadId
WritePrivateProfileStringA
GetWindowsDirectoryA
MoveFileExA
GetTempPathA
CreateMutexA
GetTickCount
GetLocaleInfoA
GetVolumeInformationA
SetEvent
GetFileSize
SystemTimeToFileTime
GetProcessHeap
HeapFree
ReadFile
HeapAlloc
GetTempFileNameA
DeleteFileA
GlobalAlloc
VirtualQueryEx
GetThreadContext
GlobalFree
TerminateProcess
ResumeThread
RtlUnwind
VirtualQuery
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
OpenProcess
FindAtomA
GetLastError
lstrcpyA
GetModuleHandleA
GetProcAddress
lstrlenA
RaiseException
lstrcatA
ReleaseMutex
GetModuleFileNameA

user32

CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
DefWindowProcA
GetWindowTextA
CloseDesktop
SetThreadDesktop
GetThreadDesktop
OpenInputDesktop
MessageBoxA
GetMessageA
SetWindowsHookExA
PostMessageA
FindWindowExA
GetWindowThreadProcessId
wsprintfA
EqualRect
IsWindowVisible
ClientToScreen
InflateRect
GetCursorPos
GetFocus
TranslateMessage
DispatchMessageA
CallNextHookEx
FindWindowA

advapi32

RegCloseKey
RegDeleteValueA
RegEnumValueA
RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
OpenProcessToken
CreateProcessAsUserA
RegCreateKeyExA

shlwapi

SHDeleteValueA
SHGetValueA
SHSetValueA
SHDeleteKeyA

Exports

Exports

OgKIGmdHN
qiwEyKaerJkA
uhogNyPxIkB
vbvOJu
wzWAPQ

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9181fba4d162414d0e52a059f980651

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 13KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 13KB

.reloc
Size: 3KB - Virtual size: 2KB