478b941465e1a5d5e84e2e2872a16765_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

478b941465e1a5d5e84e2e2872a16765_JaffaCakes118
Size

184KB
MD5

478b941465e1a5d5e84e2e2872a16765
SHA1

c0b482f0279b5205fa64e248f52cbfc7904ff8ba
SHA256

e88e1b8167ac746f07e7f1bc499c02256eb770c80551a5c703a7caa6d86f6e7b
SHA512

31324a4acfacca5cbb42fdf7061b7423d39f553084a0206a3d72fe1a217f5b033b1be475ffb155a81fd6e90e1aacd3849b6b81ec4740c263a4699c724d8c8a8e
SSDEEP

3072:/u0n5qPebJ1okKc28oom2M1uonKrDBKeR:/u05DUVhcM1uo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
478b941465e1a5d5e84e2e2872a16765_JaffaCakes118

Files

478b941465e1a5d5e84e2e2872a16765_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7366332f7b3cc2eb087d430bd8477154

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
LockResource
LCMapStringA
LCMapStringW
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetOEMCP
GetACP
InterlockedIncrement
InterlockedDecrement
GetCPInfo
IsBadCodePtr
IsBadReadPtr
WriteFile
GetEnvironmentStringsW
SetUnhandledExceptionFilter
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
GetStartupInfoA
GetFileType
FreeEnvironmentStringsA
SetHandleCount
GetStdHandle
TlsGetValue
SetLastError
GetLastError
TlsAlloc
TlsSetValue
TlsFree
IsBadWritePtr
VirtualAlloc
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
DeleteCriticalSection
HeapDestroy
HeapSize
HeapCreate
GetCurrentProcess
FreeLibrary
HeapReAlloc
TerminateProcess
LoadResource
FindResourceA
FreeResource
lstrcatA
LoadLibraryA
GetModuleHandleA
GetModuleFileNameA
GetProcAddress
GetVersion
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA

user32

MessageBoxA
GetForegroundWindow
SetRectEmpty
wsprintfA
LoadStringA
GetDC
CopyRect
ReleaseDC
SetWindowLongA
DefWindowProcA
GetWindowLongA
SendMessageA
UpdateWindow
InvalidateRect
GetCursorPos
CreateWindowExA
PostMessageA
GetCapture
PtInRect
ClientToScreen
IsWindowEnabled
EnableWindow
LoadAcceleratorsA
GetDesktopWindow
DrawAnimatedRects
TrackPopupMenu
SetRect
CheckMenuItem
CreatePopupMenu
IsMenu
DestroyMenu
AppendMenuA
SetCursor
SystemParametersInfoA
IntersectRect
GetWindowRect
GetSystemMetrics
GetClientRect
EqualRect
ReleaseCapture
EndPaint
BeginPaint
FrameRect
GetMessageA
SetCapture
PeekMessageA
DestroyWindow
TranslateMessage
DispatchMessageA
LoadCursorA
IsWindow
BringWindowToTop
RegisterClassA

gdi32

CreateCompatibleDC
SelectObject
BitBlt
CreateSolidBrush
DeleteObject
StretchBlt
DeleteDC
CreateDIBitmap
GetStockObject
GetObjectA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveFileSpecA

Exports

Exports

TwainUI_EntryPoint

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7366332f7b3cc2eb087d430bd8477154

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

version

shlwapi

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 120KB - Virtual size: 122KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 120KB - Virtual size: 122KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB