4a2d160646f72c00019f83c2190cd42f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a2d160646f72c00019f83c2190cd42f_JaffaCakes118
Size

108KB
MD5

4a2d160646f72c00019f83c2190cd42f
SHA1

c5542e2388b45a38ec8e025bdeb49ce750292efd
SHA256

c8684a806271ff20d02c6ad66182c576d7712bd4b13a4d108ff507ea3ca2f058
SHA512

a7173d5507eff32a850f42cfde2fed62811c0e86a17e334b6ac105388c2822f9121936d12e98d5e78a715fad9471f9fa6d05ecb597a45b6780498be59f36a0ff
SSDEEP

1536:K56ZH/EKOHaVUFhfEy5Xf72CW5nj2rTaM7rUtXPtnm:9ZOiwLW57M7It/5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a2d160646f72c00019f83c2190cd42f_JaffaCakes118

Files

4a2d160646f72c00019f83c2190cd42f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a602961b7ccb40123363e77ffd23412c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

PostMessageA
IsWindow
GetTopWindow
PostThreadMessageA
GetWindowThreadProcessId
EnumWindows

kernel32

GetThreadLocale
FlushFileBuffers
TerminateProcess
OpenFileMappingA
MapViewOfFile
GetWindowsDirectoryA
UnmapViewOfFile
GetSystemDirectoryA
GetCommandLineA
GetModuleHandleA
OpenProcess
GetLastError
WaitForSingleObject
Sleep
GetVersionExA
CloseHandle
GetVersion
LoadLibraryA
HeapFree
SetFilePointer
WideCharToMultiByte
MultiByteToWideChar
WriteFile
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
InitializeCriticalSection
GetProcessHeap
GetModuleFileNameA
CreateFileA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
HeapSize
InterlockedExchange
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

oleaut32

VariantChangeType
VariantInit

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

KillNDrv
KillRU

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a602961b7ccb40123363e77ffd23412c

Headers

File Characteristics

Imports

user32

kernel32

oleaut32

advapi32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 34KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 34KB

.reloc
Size: 8KB - Virtual size: 7KB