4c145a16f5d7978af5cc8285a3f64542_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4c145a16f5d7978af5cc8285a3f64542_JaffaCakes118
Size

50KB
MD5

4c145a16f5d7978af5cc8285a3f64542
SHA1

50e6ee229c752f28325c5b085ffed692ee3742d5
SHA256

5e58876d7ff90699e8fb64a6db143dfe8dd1bbfcabcc10ef39769096f8512cca
SHA512

f1bede4363b89d91954939d5cedb083ee587f3cc32c20cd0950ca381ee512e8ae3d9e55f43aca20e457f1598d600deacbb8f65ca722e2e895eacbe056bb25044
SSDEEP

768:hBD3dUdf8OlOqHajEKxwdLalioblcBANEdO3nttQlZdylmo0k2m5Bleo:h13Bq6adeYoblcBANEEnIlTylmJR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c145a16f5d7978af5cc8285a3f64542_JaffaCakes118

Files

4c145a16f5d7978af5cc8285a3f64542_JaffaCakes118
.dll windows:2 windows x86 arch:x86

6dae650262bfe473f06414f74bed3b13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UpdateWindow
InvalidateRect
SetTimer
GetDesktopWindow
GetParent
GetSubMenu
GetAsyncKeyState
GetMenuItemCount
GetCapture
PostQuitMessage
DestroyIcon
GetSystemMetrics
SetActiveWindow
GetMenu
BringWindowToTop
SetParent
GetMenuItemID
CreateIconFromResource

dfsssscp

DAD_DragMove
ImmDestroySoftKeyboard
ImmSetStatusWindowPos
ImmCreateIMCC
SdbGetStringTagPtr
ImmGetCandidateListA
DllRegisterServer
ImmPutImeMenuItemsIntoMappedFile
PifMgr_CloseProperties
RestartDialog
SdbGetNextChild
ImmShowSoftKeyboard
ImmGetCompositionWindow
PrintersGetCommand_RunDLLA
SdbReadQWORDTag
FindExecutableA
SdbCloseDatabase
OpenAs_RunDLL
SdbCreateMsiTransformFile
SdbQueryApphelpInformation
ILCreateFromPathA
PathMakeUniqueName
DAD_ShowDragImage
IsUserAnAdmin
ImmGetCandidateWindow
ImmUnlockIMC
SdbGrabMatchingInfoEx
SdbFreeFlagInfo
ImmSetCandidateWindow
PathYetAnotherMakeUniqueName
SdbFindNextTagRef
Control_RunDLLA
ImmGetProperty
SdbFindFirstTagRef
SdbGetDatabaseMatch
ImmGetDefaultIMEWnd

ole32

CoUninitialize
CoInitializeEx
CoCreateGuid

kernel32

SetFilePointer
CreateFileMappingA
MapViewOfFile
FindVolumeMountPointClose
UnmapViewOfFile
SetEndOfFile
ReleaseSemaphore
VirtualQuery
GetSystemTime
HeapFree
GetModuleHandleA
GetExitCodeThread
GlobalAlloc
LockResource
GetCurrentProcess
FileTimeToSystemTime
WaitForMultipleObjects

advapi32

DeleteAce
GetTokenInformation

netapi32

NetShareEnum
NetApiBufferFree

shell32

SHGetDesktopFolder

Exports

Exports

CreateProcessNotify
autoedit

Sections

.text
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dae650262bfe473f06414f74bed3b13

Headers

File Characteristics

Imports

user32

dfsssscp

ole32

kernel32

advapi32

netapi32

shell32

Exports

Exports

Sections

.text Size: 43KB - Virtual size: 44KB

.rdata Size: 3KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 43KB - Virtual size: 44KB

.rdata
Size: 3KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB