Wpmoyzazy
Static task
static1
Behavioral task
behavioral1
Sample
657c4f8537a66f49de7112942350940c_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
657c4f8537a66f49de7112942350940c_JaffaCakes118.dll
Resource
win10v2004-20240709-en
General
Target: 657c4f8537a66f49de7112942350940c_JaffaCakes118
Size: 100KB
MD5: 657c4f8537a66f49de7112942350940c
SHA1: d50cc099968860dd59c4287f5a5c1de06fb01e18
SHA256: 2287be00c1d443acde09781efc86be69afc4f38cbf7a59da9916c42a295a7304
SHA512: a830c09f3d6e34bc06a79cb0848195fc12959829338cc4a73f0e11a5b47b58d3279b8c9232660f26c7c9fc79ea84690c99f8661e42a7532e5b34c058daa148cc
SSDEEP: 3072:iOhuX/4CR1K25ifqm+8EFoFnmfEltU1lfMaw:iJRE25fDoG9XM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 657c4f8537a66f49de7112942350940c_JaffaCakes118
Files
657c4f8537a66f49de7112942350940c_JaffaCakes118.dll windows:4 windows x86 arch:x86
92b233d3c375cb279329891f0f9e9581
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
advapi32
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
GetAccessPermissionsForObjectW
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetServiceDisplayNameA
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
SetNamedSecurityInfoA
SetNamedSecurityInfoW
SystemFunction017
gdi32
GetCharWidthW
AbortPath
kernel32
VirtualAlloc
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessW
FormatMessageA
FreeLibrary
GetCommMask
GetCurrentDirectoryA
GetCurrentProcess
GetLastError
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetSystemInfo
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
HeapAlloc
HeapFree
LoadLibraryA
LoadLibraryExA
LocalFree
MoveFileA
MultiByteToWideChar
SetCurrentDirectoryA
SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
LoadResource
FindResourceA
CompareStringW
CompareStringA
GetLocaleInfoW
SetEnvironmentVariableA
VirtualProtect
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
GetCommandLineA
ExitProcess
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
ole32
EnableHookObject
STGMEDIUM_UserMarshal
user32
wsprintfA
MessageBoxExA
LoadStringA
ExcludeUpdateRgn
CharPrevA
CharNextA
Exports
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ