5cc999a7bf8ce5139c9feb136167a232_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5cc999a7bf8ce5139c9feb136167a232_JaffaCakes118
Size

144KB
MD5

5cc999a7bf8ce5139c9feb136167a232
SHA1

c004e3f3ffbe15ecdad4a9461e1c48d5e8b5d622
SHA256

3f9e3503b9d314e7ac6caaec3de0aa56296bf491b39023e6730d6de481ec46eb
SHA512

6681ebe809009a8abd67df341bf62a532cb7e9885471d57998282fb6ac54684cd62eca78ad6c1b51d1214d0978aac942c02ae5fa2954ff9a9f624c5c40f82194
SSDEEP

1536:xbBDw3LHMXuzlFCGEAIibETtW33Gn+WgRcpOFIDWpgqE8tQSnoI+4Hgz:xbBOmMcGhIy1W+NKUpgOtQSnoQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cc999a7bf8ce5139c9feb136167a232_JaffaCakes118

Files

5cc999a7bf8ce5139c9feb136167a232_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1d49d62755b42fe3602c74b8759948a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
IsBadReadPtr
FlushInstructionCache
GetCurrentProcess
VirtualProtect
lstrcmpA
SetThreadContext
WriteProcessMemory
VirtualAllocEx
GetThreadContext
SetThreadPriority
GetThreadPriority
ResumeThread
GetTickCount
CloseHandle
WaitForSingleObject
GetModuleFileNameA
GetCurrentThreadId
GetComputerNameW
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetLastError
GetProcAddress
GetLastError
GetExitCodeProcess
OpenProcess
GetVersionExA
HeapFree
GetProcessHeap
CreateThread
HeapAlloc
FindClose
FindNextFileA
FindFirstFileA
MultiByteToWideChar
lstrlenA
GetFileTime
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetOEMCP
GetACP
GetStringTypeW
LoadLibraryA
InitializeCriticalSection
GetCurrentProcessId
GetStringTypeA
GetCPInfo
RtlUnwind
Sleep
GetTimeZoneInformation
GetSystemTime
GetLocalTime
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
MoveFileA
GetCommandLineA
GetVersion
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ReadFile
WriteFile
WideCharToMultiByte
ExitProcess
SetStdHandle
LCMapStringA
LCMapStringW
TerminateProcess
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadCodePtr

user32

FindWindowA
GetMessageA
GetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout
MapVirtualKeyExA
GetKeyboardState

advapi32

ImpersonateLoggedOnUser
RevertToSelf

oleaut32

SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen

mpr

WNetAddConnection2A
WNetCancelConnection2A

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SYNC
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d49d62755b42fe3602c74b8759948a4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

mpr

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 17KB

.SYNC Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 17KB

.SYNC
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 9KB