5ecad23b3ae7365a25b11d4d608adffd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5ecad23b3ae7365a25b11d4d608adffd_JaffaCakes118
Size

808KB
MD5

5ecad23b3ae7365a25b11d4d608adffd
SHA1

9e5dd712722e3ca96fce6c092b83e787e3dfa001
SHA256

a72681756346e338e96b3deb8304f5c4a3a0b83c8ed2d9f1444cb229e0e0453b
SHA512

4720b120b00100a5923740a0382e988cfec7bebb9ff8b017963fd9b0abf83dd8e85761172ba65de7bc7d93c5a249d47c507e318220ba1004504e8c11dab9ecb3
SSDEEP

12288:CzOQeyh78IrXbXHQr/fBdYinxl9DuHTUPpBJ:iOQe47BLniJDuHTURBJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ecad23b3ae7365a25b11d4d608adffd_JaffaCakes118

Files

5ecad23b3ae7365a25b11d4d608adffd_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8b332e545a344e97cc5a907628ad4565

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
TerminateThread
SuspendThread
ResumeThread
OpenThread
GetExitCodeThread
InterlockedIncrement
GetCurrentThreadId
SetErrorMode
SetFilePointer
FindClose
CloseHandle
SetEndOfFile
FileTimeToLocalFileTime
GetFileInformationByHandle
SetFileAttributesW
GetFileTime
LocalFileTimeToFileTime
SetFileTime
WriteFile
ReadFile
GetFullPathNameW
CreateFileW
FlushFileBuffers
GetFileSize
GetLastError
FindFirstFileW
SetEnvironmentVariableW
Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
SetEvent
ResetEvent
CreateEventW
OpenEventW
LocalFree
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetVersionExA
SetLastError
OpenMutexW
CreateMutexA
CreateMutexW
ReleaseMutex
ExitThread
GetVersion
ProcessIdToSessionId
CreateFileMappingW
lstrcatW
lstrcpynA
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
GetSystemDirectoryW
lstrcpynW
GetModuleFileNameW
SystemTimeToFileTime
GetSystemTime
SetThreadContext
QueueUserAPC
GetThreadContext
RemoveDirectoryW
GetExitCodeProcess
MoveFileExW
GetShortPathNameW
GetFileAttributesW
LoadLibraryW
GetVolumeInformationW
TerminateProcess
DeleteFileW
CreateProcessW
CopyFileW
GetLongPathNameW
OpenProcess
VirtualAllocEx
SearchPathW
lstrlenA
IsBadStringPtrA
lstrcmpiA
GetModuleHandleA
GetWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetCurrentDirectoryW
VirtualFreeEx
ReadProcessMemory
VirtualProtectEx
VirtualQueryEx
UnmapViewOfFile
FreeLibrary
DuplicateHandle
WaitForMultipleObjectsEx
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
MapViewOfFile
OpenFileMappingW
FindNextFileW
Thread32First
Thread32Next
CreateToolhelp32Snapshot
CreateEventA
WaitForMultipleObjects
lstrlenW
LocalAlloc
InterlockedExchange
LoadLibraryA
RaiseException
GetCommandLineA
CreateThread
RtlUnwind
GetCurrentThread
HeapSize
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsDebuggerPresent
LCMapStringA
LCMapStringW
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
SetConsoleCtrlHandler
InitializeCriticalSection
GetLocaleInfoA
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA

Exports

Exports

CreateABHList
CreatePGHDict
DisableDLV
DisableOFR
DisableSHR
EnableDLV
EnableOFR
EnableSHR
FreeABHData
GetSML
GetWPF
ReadVBInfo
RestoreSMLData
WriteVBInfo

Sections

.text
Size: 548KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b332e545a344e97cc5a907628ad4565

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 548KB - Virtual size: 546KB

.rdata Size: 172KB - Virtual size: 168KB

.data Size: 32KB - Virtual size: 47KB

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 48KB - Virtual size: 45KB

.text
Size: 548KB - Virtual size: 546KB

.rdata
Size: 172KB - Virtual size: 168KB

.data
Size: 32KB - Virtual size: 47KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 48KB - Virtual size: 45KB