3eb556992d62f4e6d39000e5e7c5e02f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3eb556992d62f4e6d39000e5e7c5e02f_JaffaCakes118
Size

44KB
MD5

3eb556992d62f4e6d39000e5e7c5e02f
SHA1

b9ef289b4d166ba47651d9b6ffb70e4a298ba020
SHA256

f6dd2d0273c944e3f321a6ee72d7eb00c30009d69f5ffbd0b65c08ca57f0f3f5
SHA512

022efcf901fccd4ab38785df89a22d342ef2795142ff241491ff28f9a7468eb5d51416da87b7bb9989db3530de7616f7ec9261b69219c9d8f70b5a0581659c0b
SSDEEP

768:O6CKklHUHX46hmautGhkryRurc0VzksuyH:OekHOXVmai6kryAwsuyH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3eb556992d62f4e6d39000e5e7c5e02f_JaffaCakes118

Files

3eb556992d62f4e6d39000e5e7c5e02f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

142c55fd739c5fd3daed44dbf3cc87c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatW
lstrlenW
WideCharToMultiByte
lstrcatA
lstrcpyW
GetLastError
lstrcmpiW
lstrcpynW
ResetEvent
WaitForSingleObject
SetEvent
InterlockedDecrement
SetErrorMode
GetFileAttributesW
CreateProcessW
SuspendThread
TerminateThread
CreateThread
Sleep
GetModuleFileNameW
FreeLibraryAndExitThread
LoadLibraryW
OpenMutexW
CreateMutexW
GetCurrentProcess
GetModuleHandleA
VirtualAlloc
VirtualFree
ExitProcess
DisableThreadLibraryCalls
lstrcmpiA
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
CopyFileW
CreateWaitableTimerW
SetWaitableTimer
GetCurrentThread
GetFileTime
SetFileTime
lstrcmpW
MoveFileW
MoveFileExW
WaitForMultipleObjects
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetSystemInfo
FindFirstFileW
FindNextFileW
FindClose
GetSystemWindowsDirectoryW
GetVolumeInformationW
GetSystemTime
MultiByteToWideChar
lstrcpyA
lstrlenA
GetTickCount
WriteFile
SetEndOfFile
SetFilePointer
ReadFile
GetFileSize
CreateFileW
lstrcpynA
CloseHandle
CreateEventW
FreeLibrary
GetProcAddress
Process32NextW
LoadLibraryA

ntdll

_wcsnicmp
towlower
_strnicmp
toupper
tolower
strlen
memcpy
NtQueryInformationProcess
_snwprintf
wcscpy
wcslen
isalnum
_wtoi
memset
wcscspn
_itow
towupper
wcschr
_chkstk

user32

wsprintfW
SetWindowsHookExW
PostMessageW
CallNextHookEx
GetForegroundWindow
PeekMessageW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects

advapi32

RegQueryValueExW
RegCloseKey
SetNamedSecurityInfoW
OpenProcessToken
GetTokenInformation
GetSidSubAuthority
GetSidSubAuthorityCount
RegSetValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegFlushKey
RegQueryInfoKeyW
RegEnumValueW

shell32

SHGetSpecialFolderPathW
ord680
SHGetFolderPathW

ole32

CoTaskMemFree
StringFromCLSID
CoCreateGuid

Exports

Exports

Startup
e
iep
l
r
rae

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

142c55fd739c5fd3daed44dbf3cc87c6

Headers

File Characteristics

Imports

kernel32

ntdll

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB