48188753a0cb0d4dd80680d007229b95_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

48188753a0cb0d4dd80680d007229b95_JaffaCakes118
Size

128KB
MD5

48188753a0cb0d4dd80680d007229b95
SHA1

4a1ef8b2651171e2bd3dc5c855bd8cbc6ac9396a
SHA256

90493ac0375ce6f85600defceafb5b14157fbf4fcb5ccbc5a952a40940b7b7c4
SHA512

4a544a0b395a80cc0077b6035ee6fc2cc2134fb05f1460b6dd0eacc43ecae515fd775364e40b7a77cc3d43f59296906fb6e79ec2c4805c595b7b7709452a7a7f
SSDEEP

3072:bbBgAYaJm6/I2HojloO4VEyQTnGgSIt6YVokefaR:b+AZ86/I2Iy7tqGXIR8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48188753a0cb0d4dd80680d007229b95_JaffaCakes118

Files

48188753a0cb0d4dd80680d007229b95_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c1fac1cc6ea8b97e79ae53ae055d2acc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetThreadContext
SetThreadPriority
GetThreadPriority
ResumeThread
LoadLibraryA
GetProcAddress
GetModuleHandleA
IsBadReadPtr
FlushInstructionCache
GetCurrentProcess
VirtualProtect
lstrcmpA
GetCurrentProcessId
CreateThread
GetTickCount
CloseHandle
WaitForSingleObject
GetComputerNameW
GetModuleFileNameA
GetCurrentThread
Process32Next
Process32First
CreateToolhelp32Snapshot
EnterCriticalSection
SetLastError
DisableThreadLibraryCalls
GetLastError
GetExitCodeProcess
OpenProcess
GetVersionExA
HeapFree
GetProcessHeap
HeapAlloc
FindClose
CopyFileA
FindNextFileA
FindFirstFileA
CreateDirectoryA
MultiByteToWideChar
lstrlenA
GetFileTime
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetOEMCP
GetACP
LeaveCriticalSection
InitializeCriticalSection
lstrcmpiA
DeleteCriticalSection
GetStringTypeW
GetStringTypeA
GetCPInfo
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
Sleep
MoveFileA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
ReadFile
WriteFile
SetFilePointer
WideCharToMultiByte
ExitProcess
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetStartupInfoA
LCMapStringA
LCMapStringW
TerminateProcess
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadCodePtr

user32

GetWindowThreadProcessId
GetKeyboardLayout
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
GetForegroundWindow

advapi32

ImpersonateLoggedOnUser
GetUserNameA
RevertToSelf

oleaut32

SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen

mpr

WNetAddConnection2A
WNetCancelConnection2A

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SYNC
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1fac1cc6ea8b97e79ae53ae055d2acc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

mpr

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 18KB

.SYNC Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 18KB

.SYNC
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB