43d6b722c2ff01c31d9743d6a039cf32_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

43d6b722c2ff01c31d9743d6a039cf32_JaffaCakes118
Size

124KB
MD5

43d6b722c2ff01c31d9743d6a039cf32
SHA1

8078cd11774c9d8bae99648151f1b33cc1717a06
SHA256

ac1ec0f76e58b144e1c16da024240a98b58c574349e4129b06114191b2bad0e3
SHA512

4ed42774ce8f4cdf734cc0a3197d2f3881dd8173314fbf29550186e21aeeb8af05dfb7c5c6ed05d8004da74273c15be0ea2c16cb00d4d804b76ceac1f379eef8
SSDEEP

3072:1lX7OAeN/X2D35UERWUA3mQjIVWnutdVkg20Jd4WzKD:vZo/X2tUyWTPnEFIWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43d6b722c2ff01c31d9743d6a039cf32_JaffaCakes118

Files

43d6b722c2ff01c31d9743d6a039cf32_JaffaCakes118
.dll windows:4 windows x86 arch:x86

201e4ff23f376a61794ff5fa58aac1d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
GetCommandLineA
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
InterlockedDecrement
WriteFile
GetLastError
OpenEventA
GetProcAddress
GetVolumeInformationA
InterlockedIncrement
Sleep
HeapAlloc
CreateProcessA
CreateDirectoryA
CreateFileA
CreateEventA
ReleaseMutex
CloseHandle
MapViewOfFile
GetCurrentProcessId
EnterCriticalSection
HeapFree
LocalFree
GetComputerNameA
LeaveCriticalSection
GetProcessHeap
lstrlenA
CreateMutexA
InterlockedCompareExchange
ExitProcess
SetLastError
CreateFileMappingA
lstrlenW
GetTickCount
CopyFileA
WaitForSingleObject

ole32

CoUninitialize
OleSetContainedObject
CoCreateGuid
CoTaskMemAlloc
OleCreate
CoInitialize
CreateBindCtx

user32

SetWindowsHookExA
DispatchMessageA
RegisterWindowMessageA
SetWindowLongA
GetSystemMetrics
GetMessageA
FindWindowA
GetParent
UnhookWindowsHookEx
GetClassNameA
SendMessageA
PostQuitMessage
KillTimer
CreateWindowExA
GetWindowThreadProcessId
PostMessageA
GetWindowLongA
SetTimer
DestroyWindow
DefWindowProcA
TranslateMessage

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
GetUserNameA
RegCreateKeyExA

shell32

SHGetFolderPathA

Exports

Exports

QuickCommsdb

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

201e4ff23f376a61794ff5fa58aac1d3

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 4KB - Virtual size: 2KB