3d294784372eac5fb2dc472acd12eed8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d294784372eac5fb2dc472acd12eed8_JaffaCakes118
Size

167KB
MD5

3d294784372eac5fb2dc472acd12eed8
SHA1

632ff090d5f1be744987fb0af0187524120b27d5
SHA256

91b2a4aadedbbd90db3ef43b5d40ac767164b7e161b4475e2b79c3c6e174a506
SHA512

3cc41997025ddd96152f46da930757fc5f52b7e7e1dc5382704af6af37b6ed28d8576a6a18c230202f53347c6f995d4b080bc6f9feac6165135ee9ff3f17a751
SSDEEP

3072:3frDEfZJ0paDff78z9qx4FpeRVeo0Zba9pi:vvVpwgz9qxlRVelZu+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d294784372eac5fb2dc472acd12eed8_JaffaCakes118

Files

3d294784372eac5fb2dc472acd12eed8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

91a9cb63e83d7ad5798e0f60ec71ff27

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteKeyA

kernel32

CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDriveTypeA
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemDefaultLCID
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
LCMapStringA
LeaveCriticalSection
LoadLibraryA
MoveFileA
MultiByteToWideChar
Process32First
Process32Next
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetErrorMode
SetFileAttributesA
SetFilePointer
SetHandleCount
SetLastError
Sleep
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenA

mpr

WNetCloseEnum
WNetEnumResourceA
WNetOpenEnumA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits
SelectObject

user32

EnumThreadWindows
GetAsyncKeyState
GetDC
GetDesktopWindow
GetForegroundWindow
GetKeyState
GetSystemMetrics
GetWindowTextA
MessageBoxA
ReleaseDC
wsprintfA

Exports

Exports

ProcGo
___CPPdebugHook

Sections

.text
Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91a9cb63e83d7ad5798e0f60ec71ff27

Headers

File Characteristics

Imports

advapi32

kernel32

mpr

gdi32

user32

Exports

Exports

Sections

.text Size: 95KB - Virtual size: 96KB

.data Size: 60KB - Virtual size: 80KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 5KB - Virtual size: 8KB

.text
Size: 95KB - Virtual size: 96KB

.data
Size: 60KB - Virtual size: 80KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 5KB - Virtual size: 8KB