4de7d1ce2fafd51c797090d8a8e8edf3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4de7d1ce2fafd51c797090d8a8e8edf3_JaffaCakes118
Size

144KB
MD5

4de7d1ce2fafd51c797090d8a8e8edf3
SHA1

5978cab51d6c884bafb08e8d2ced1df868c1113b
SHA256

8dc676f5266272973dd42e91b5443ec2309a1bcccbbe8eb5bce84c5281a6296d
SHA512

199d5b6258254d6e18e8e31dec887f6ca3f82feac647073fe17c7ce3aa32d7b8088ffe64300a43ab721427870f570ce96763a9b687072c8f1ae7566c2b2c34cd
SSDEEP

3072:NX0opwUZKp8H4Abq2eR+HKkdYT6DIN2dePnYSInUtkd1G2Y2uIzu:NXBpwUZb4AbqpIYT6D2fPnY7Vd1GjO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4de7d1ce2fafd51c797090d8a8e8edf3_JaffaCakes118

Files

4de7d1ce2fafd51c797090d8a8e8edf3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6a5ec36421eeff24fc5fac5853dcaaff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
UnmapViewOfFile
InterlockedIncrement
LoadLibraryA
ReadProcessMemory
ExitProcess
GetVolumeInformationA
GetProcAddress
GlobalAlloc
OpenFileMappingA
CopyFileA
GetProcessHeap
OpenEventA
HeapAlloc
Sleep
GetTickCount
CreateFileA
CreateMutexW
GetComputerNameA
WaitForSingleObject
CreateDirectoryA
SetLastError
TerminateProcess
GetLastError
LeaveCriticalSection
GetCommandLineA
CreateFileMappingA
CreateProcessA
InterlockedCompareExchange
InterlockedDecrement
WriteProcessMemory
WriteFile
EnterCriticalSection
MapViewOfFile
GetModuleHandleA
GlobalFree
GetModuleFileNameA
CloseHandle
GetCurrentProcess
LocalFree
HeapFree

ole32

OleCreate
CoUninitialize
CoSetProxyBlanket
CoCreateGuid
OleSetContainedObject
CoTaskMemAlloc
CoInitialize
CoCreateInstance

user32

FindWindowA
RegisterWindowMessageA
UnhookWindowsHookEx
SetTimer
TranslateMessage
DefWindowProcA
GetWindowLongA
GetMessageA
DestroyWindow
SetWindowsHookExA
KillTimer
GetSystemMetrics
GetWindow
GetClassNameA
PeekMessageA
PostQuitMessage
CreateWindowExA
SendMessageA
DispatchMessageA
GetWindowThreadProcessId
ScreenToClient
SetWindowLongA
GetParent
ClientToScreen
GetCursorPos

oleaut32

SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

OpenProcessToken
RegOpenKeyExA
GetUserNameA
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
DuplicateTokenEx
RegDeleteKeyA
RegCloseKey
SetTokenInformation
RegSetValueExA

shell32

SHGetFolderPathA

Exports

Exports

smpcfgPort

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a5ec36421eeff24fc5fac5853dcaaff

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 960B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 960B

.reloc
Size: 8KB - Virtual size: 6KB