633c1c95558f215890eb561d56950091_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

633c1c95558f215890eb561d56950091_JaffaCakes118
Size

241KB
MD5

633c1c95558f215890eb561d56950091
SHA1

ec1d56f2306d9eb7bff1bdb1f674ad5df1fc03ad
SHA256

17a33960ef25a85cc5948477ed6f91a4caa30cc31a42e83676c60dcfddf336fd
SHA512

f53f7cc2c4cc1b56a2258a2eb41892cc73cfb60bc536edc3ba21e208ce52311c6539c7671e4f16ecbdd1eea1034921081236fd404dc206f6a384773b49c55560
SSDEEP

3072:1Q48vpJ5haVT8y5OuLpLg8MxRcK1ji+wKKeHntDXYttzBr:1Q48vdhaVT8y539s/R7HntDG1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
633c1c95558f215890eb561d56950091_JaffaCakes118

Files

633c1c95558f215890eb561d56950091_JaffaCakes118
.dll windows:4 windows x86 arch:x86

379815aa1d12f5d25f33aad7102275ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
CloseHandle
GetTickCount
GetCurrentProcess
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetExitCodeThread
OpenFileMappingA
CreateFileA
WriteFile
MapViewOfFile
UnmapViewOfFile
SetEvent
ExitThread
GetCurrentProcessId
GetLastError
ResetEvent
WaitForSingleObject
CreateEventW
InterlockedIncrement
DebugBreak
ReleaseSemaphore
GetQueuedCompletionStatus
CreateSemaphoreW
PostQueuedCompletionStatus
WaitForSingleObjectEx
GetSystemInfo
CreateIoCompletionPort
WaitForMultipleObjectsEx
LoadLibraryA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
HeapDestroy
HeapAlloc
HeapCreate
GetProcAddress
WideCharToMultiByte
HeapFree
LoadLibraryW
InterlockedDecrement
TlsGetValue
FreeLibrary
TlsAlloc
TlsSetValue
TlsFree
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
SetLastError
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualFree
VirtualAlloc
HeapReAlloc
GetStdHandle
GetModuleFileNameA
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer

user32

CharLowerA
PostMessageW
UnregisterClassW
PostQuitMessage
GetMessageW
TranslateMessage
IsWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
DispatchMessageW
DestroyWindow

ws2_32

WSASetLastError
WPUCompleteOverlappedRequest
WSCGetProviderPath
WSCEnumProtocols
WSAGetLastError

psapi

GetModuleBaseNameA

Exports

Exports

GetLspGuid
WSPStartup

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

379815aa1d12f5d25f33aad7102275ee

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

psapi

Exports

Exports

Sections

.text Size: 148KB - Virtual size: 147KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 5KB - Virtual size: 76KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 148KB - Virtual size: 147KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 5KB - Virtual size: 76KB

.reloc
Size: 11KB - Virtual size: 10KB