5cd28b5b0e25e06f3ff024fb7957bb64_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5cd28b5b0e25e06f3ff024fb7957bb64_JaffaCakes118
Size

156KB
MD5

5cd28b5b0e25e06f3ff024fb7957bb64
SHA1

0e5fde1903dd84aaed6f3672b505936c128edcd4
SHA256

c2b43e5ed0cf1b26ba4203331cb404400107adbf472afbccc3d2b4b12c194e75
SHA512

09f389c59af6655cf567e4f9eeb06ad6f12bd4a48931e0991e934bce4320ac585fabf22fd54ca3d93dec38093618db71175978c49535dc87a336604cfc37c364
SSDEEP

3072:pX1ZvjqDrRlvCapABqdG5cWHV/In3+9BRLLlQdA/6:bZOfLpA4g5cWHV1LxQdo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cd28b5b0e25e06f3ff024fb7957bb64_JaffaCakes118

Files

5cd28b5b0e25e06f3ff024fb7957bb64_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7d79b42afd1076415122ab79c988a139

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetLastError
InterlockedDecrement
CreateEventA
Sleep
GetProcAddress
CopyFileA
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateDirectoryA
OpenFileMappingA
CreateFileA
GetCommandLineA
GetProcessHeap
GetTickCount
HeapFree
HeapAlloc
CreateProcessA
LeaveCriticalSection
CreateFileMappingA
CreateMutexW
GlobalAlloc
ExitProcess
GetModuleFileNameA
OpenEventA
TerminateProcess
GetCurrentProcess
GlobalFree
GetComputerNameA
ReadProcessMemory
EnterCriticalSection
LocalFree
WaitForSingleObject
GetModuleHandleA
InterlockedCompareExchange
SetLastError
GetVolumeInformationA
WriteFile
InterlockedIncrement
WriteProcessMemory

ole32

CoInitialize
CoSetProxyBlanket
OleSetContainedObject
CoCreateInstance
CoTaskMemAlloc
OleCreate
CoCreateGuid
CoUninitialize

user32

GetMessageA
UnhookWindowsHookEx
TranslateMessage
SendMessageA
DispatchMessageA
GetSystemMetrics
PeekMessageA
GetClassNameA
RegisterWindowMessageA
SetWindowLongA
ClientToScreen
GetWindowThreadProcessId
ScreenToClient
GetCursorPos
SetTimer
SetWindowsHookExA
KillTimer
DestroyWindow
GetWindow
FindWindowA
DefWindowProcA
GetParent
CreateWindowExA
GetWindowLongA
PostQuitMessage

oleaut32

SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegDeleteKeyA
RegDeleteValueA
GetUserNameA
OpenProcessToken
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
SetTokenInformation
RegCloseKey
DuplicateTokenEx

shell32

SHGetFolderPathA

Exports

Exports

ieHelpServices

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lbbsjb
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d79b42afd1076415122ab79c988a139

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 948B

lbbsjb Size: 4KB - Virtual size: 20B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 948B

lbbsjb
Size: 4KB - Virtual size: 20B

.reloc
Size: 8KB - Virtual size: 6KB