68244844276670d4631a7981df783eb6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

68244844276670d4631a7981df783eb6_JaffaCakes118
Size

148KB
MD5

68244844276670d4631a7981df783eb6
SHA1

a608f015fdd5c553778ec28856a5abccb59bfa4c
SHA256

3f651ea0fd2d346c3b125e833d6504c718740b9027698c3d11e26cf335fd319c
SHA512

72849d5e52d7ec5b6ce56566568a842221144f03704aaa39ce6ee99b9cbc17e86af672a7e08c5255f50caf979a1fbd7a6a9419271befd3d37020241e1afae0d3
SSDEEP

3072:eTN7+keFI/46LU6grbkA5E/2MOunQqv7kk7wpW97+iIUsJ9uXj:eRL4MU5bEx7DwpY7+wsJo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68244844276670d4631a7981df783eb6_JaffaCakes118

Files

68244844276670d4631a7981df783eb6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5db7a111db05628ac80e99c07050a319

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenFileMappingA
GlobalFree
MapViewOfFile
CloseHandle
GetComputerNameA
CreateEventA
WriteProcessMemory
CreateMutexW
CopyFileA
SetLastError
Sleep
OpenEventA
CreateDirectoryA
GlobalAlloc
ReadProcessMemory
GetTickCount
WaitForSingleObject
UnmapViewOfFile
CreateFileMappingA
CreateFileA
TerminateProcess
InterlockedIncrement
GetCurrentProcess
InterlockedCompareExchange
LocalFree
HeapFree
CreateProcessA
LoadLibraryA
GetModuleHandleA
LeaveCriticalSection
GetProcessHeap
EnterCriticalSection
GetLastError
GetModuleFileNameA
GetVolumeInformationA
InterlockedDecrement
GetCommandLineA
ExitProcess
GetProcAddress
WriteFile
HeapAlloc

ole32

CoCreateGuid
CoInitialize
CoTaskMemAlloc
OleCreate
CoSetProxyBlanket
OleSetContainedObject
CoCreateInstance
CoUninitialize

user32

GetCursorPos
UnhookWindowsHookEx
ScreenToClient
GetWindowThreadProcessId
GetWindow
SendMessageA
GetSystemMetrics
DefWindowProcA
CreateWindowExA
DispatchMessageA
SetWindowLongA
PeekMessageA
ClientToScreen
KillTimer
DestroyWindow
FindWindowA
SetTimer
TranslateMessage
GetMessageA
GetClassNameA
GetParent
SetWindowsHookExA
PostQuitMessage
RegisterWindowMessageA
GetWindowLongA

oleaut32

SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
GetUserNameA
DuplicateTokenEx
SetTokenInformation
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
OpenProcessToken

shell32

SHGetFolderPathA

Exports

Exports

CdUserserv

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wyy
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5db7a111db05628ac80e99c07050a319

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 928B

wyy Size: 4KB - Virtual size: 12B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 928B

wyy
Size: 4KB - Virtual size: 12B

.reloc
Size: 8KB - Virtual size: 6KB