45078b949cdc62d6f4fb7d922040941f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

45078b949cdc62d6f4fb7d922040941f_JaffaCakes118
Size

196KB
MD5

45078b949cdc62d6f4fb7d922040941f
SHA1

acf8deb4513ab0622e2b2a7fe670e5f1d1afa0a5
SHA256

4aa2c22b1793c1e1deac4ca6a3d0979d090c768170798edb42e20dcf6fc57508
SHA512

8db41ab5b14ca51d9ce231dfdca481e34e4b998279d8207a02579788094166fe6962de178e43201267fb9c465fd583981eba2629a66d5d5fc47d94400357efc0
SSDEEP

3072:0VrlnbnLHvRPmqI6HOkdsRc1kmY2/lBE0oXeANRpQ3z3qoz228k:2zrvgK6m1kVv5qDJV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45078b949cdc62d6f4fb7d922040941f_JaffaCakes118

Files

45078b949cdc62d6f4fb7d922040941f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8769bf10e41af045096d52cc19078fe6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalAlloc
ReadFile
FindFirstFileW
FindClose
FindNextFileW
GetCurrentProcessId
GetComputerNameW
VirtualAlloc
VirtualFree
SetFilePointer
DeviceIoControl
GetFileAttributesW
TlsSetValue
TlsGetValue
GetTickCount
GetSystemTimeAsFileTime
SetFileAttributesW
SetPriorityClass
ExpandEnvironmentStringsW
LoadLibraryA
CreateEventW
SetProcessShutdownParameters
SetConsoleCtrlHandler
SetEnvironmentVariableW
GetEnvironmentVariableW
IsDebuggerPresent
GetOEMCP
GetACP
GetCPInfo
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
HeapReAlloc
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetVersion
RtlUnwind
HeapFree
HeapAlloc
RaiseException
TlsAlloc
GetStringTypeW
CreateSemaphoreW
ReleaseMutex
GetUserDefaultLCID
CompareFileTime
DeleteFileW
lstrcatW
GetModuleFileNameW
lstrcpynW
lstrcmpiW
LCMapStringW
lstrcpyW
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
DisableThreadLibraryCalls
InterlockedCompareExchange
InterlockedExchange
LocalFree
LockResource
CreateThread
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
LoadResource
GetExitCodeThread
WaitForSingleObject
Sleep
GetCommandLineW
CreateMutexW
InterlockedIncrement
GetProcAddress
FreeLibrary
InterlockedDecrement
lstrlenW
GetCurrentThreadId
lstrcmpW
FormatMessageW
CreateFileW
CreateProcessW
CloseHandle
FindResourceExW
VirtualProtect
GetStringTypeA
GetCommandLineA

user32

SetWindowTextW
EnableWindow
SendMessageW
GetDlgItem
DestroyMenu
ClientToScreen
InsertMenuW
EndDialog
TranslateMessage
PeekMessageW
SetForegroundWindow
GetLastActivePopup
FindWindowW
GetDlgCtrlID
LoadImageW
MessageBoxW
DefWindowProcW
CharNextW
SendMessageA
LoadStringW
DispatchMessageW
GetWindowTextW
GetSystemMetrics
GetWindowRect
IsWindowEnabled
ShowWindow
GetClientRect
SetWindowLongW
GetWindowLongW
SetTimer
CharLowerW
GetDC
ReleaseDC
SystemParametersInfoW
ScreenToClient
CreateWindowExW
SetWindowPos
PostMessageW
CallWindowProcW
TrackPopupMenu

advapi32

LsaClose
CryptReleaseContext
CryptDestroyKey
CryptDecrypt
CryptGenRandom
RevertToSelf
RegCloseKey
ReportEventW
RegisterEventSourceW
CryptAcquireContextW
CryptGetUserKey
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
IsTokenRestricted
RegCreateKeyExW
ElfReportEventW
LsaOpenPolicy
LsaQueryInformationPolicy
ImpersonateLoggedOnUser
LsaSetInformationPolicy
LsaSetDomainInformationPolicy
RegCreateKeyW
SystemFunction007
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
GetTokenInformation
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegOpenKeyExW
LsaFreeMemory

gdi32

SelectObject
ExtTextOutW
SetTextColor
DeleteObject
CreateFontIndirectW
LineDDA
LineTo
MoveToEx
CreatePen
SetBkColor
GetDeviceCaps
GetLayout

ole32

CoCreateGuid
PropVariantClear
CoTaskMemFree
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize

rpcrt4

RpcImpersonateClient
RpcRevertToSelf
RpcBindingInqAuthClientW
RpcStringFreeW
UuidToStringW
UuidCreate

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8769bf10e41af045096d52cc19078fe6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

rpcrt4

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 16KB - Virtual size: 48KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 16KB - Virtual size: 48KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB