473dc16fbe636d881eb2aaa903328e1d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

473dc16fbe636d881eb2aaa903328e1d_JaffaCakes118
Size

140KB
MD5

473dc16fbe636d881eb2aaa903328e1d
SHA1

3cd6b8942dc0a05b7a6444b98ea5e10a3e4e85eb
SHA256

1df402d9558b653ae79141a7f1397ae44879c1a5d88b180b77c13c135bafacff
SHA512

62b03d5bc0c084b0144cffc999f250d23715a685939950e40fa186381ad285e2c81ca4c9cd8cd7993d2596b82a4b8b89cbd9ae7961c680e0548649a421c6155a
SSDEEP

3072:ix785BJP/OEb22FQzRrhPHB1YGOQhkimjAP0FPRVK:ixQ7P/OoezRJzIiw1K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
473dc16fbe636d881eb2aaa903328e1d_JaffaCakes118

Files

473dc16fbe636d881eb2aaa903328e1d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

edfcc347b78afeb2a24ac6181e707ef6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
GetVolumeInformationA
HeapFree
InterlockedIncrement
GetLastError
InterlockedCompareExchange
GlobalAlloc
LeaveCriticalSection
CreateFileA
CreateEventA
CreateDirectoryA
GetComputerNameA
MapViewOfFile
GetProcessHeap
ReadProcessMemory
GetModuleFileNameA
OpenFileMappingA
HeapAlloc
EnterCriticalSection
ExitProcess
WriteProcessMemory
CopyFileA
GetCurrentProcess
LocalFree
LoadLibraryA
CloseHandle
WaitForSingleObject
OpenEventA
TerminateProcess
GetTickCount
CreateMutexW
CreateProcessA
UnmapViewOfFile
GetCommandLineA
GetProcAddress
InterlockedDecrement
GlobalFree
WriteFile
GetModuleHandleA
SetLastError
CreateFileMappingA

ole32

CoSetProxyBlanket
OleSetContainedObject
OleCreate
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoCreateGuid

user32

SetTimer
DispatchMessageA
GetWindow
GetWindowLongA
DestroyWindow
DefWindowProcA
CreateWindowExA
PostQuitMessage
SetWindowsHookExA
SendMessageA
GetClassNameA
GetSystemMetrics
TranslateMessage
ClientToScreen
GetCursorPos
ScreenToClient
SetWindowLongA
GetMessageA
UnhookWindowsHookEx
PeekMessageA
GetParent
KillTimer
GetWindowThreadProcessId
RegisterWindowMessageA
FindWindowA

oleaut32

SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

SetTokenInformation
GetUserNameA
DuplicateTokenEx
OpenProcessToken
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetFolderPathA

Exports

Exports

BluetoothUserOffice

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edfcc347b78afeb2a24ac6181e707ef6

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 992B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 992B

.reloc
Size: 8KB - Virtual size: 6KB