69863b21d2db60c5b8de149190367892_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

69863b21d2db60c5b8de149190367892_JaffaCakes118
Size

148KB
MD5

69863b21d2db60c5b8de149190367892
SHA1

fb527187019f9658ec3b300c421666b4ee732f60
SHA256

6a627c50bc0c0418a02d7d13671230bda737941ad514ab720ff45c2843dbf90b
SHA512

5b7f650375a42895e038ca95afddc2a9e67b93c0d55147bcc37efd1665ca34a3af381eb4cee54597905c13dbd4ecf312adffc15989490912ee48465c24bbe214
SSDEEP

3072:d7We88t1Jn3EH4iELrvILG7yVbdoKZciL1nuQzv3GaXVHOjoNV2NI9PyAP:d6e88rJnN3gKGbdIEn1zvxlHOjA4iPyq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
69863b21d2db60c5b8de149190367892_JaffaCakes118

Files

69863b21d2db60c5b8de149190367892_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f221ab22852d9a105316fab1b27e3478

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnmapViewOfFile
WriteFile
LocalFree
WaitForSingleObject
GetModuleFileNameA
OpenEventA
LoadLibraryA
GetComputerNameA
CreateEventA
InterlockedCompareExchange
GetModuleHandleA
CreateFileMappingA
GetProcessHeap
OpenFileMappingA
TerminateProcess
ReadProcessMemory
ExitProcess
GetCurrentProcess
CopyFileA
SetLastError
CreateProcessA
GetCommandLineA
InterlockedDecrement
HeapAlloc
GetLastError
LeaveCriticalSection
HeapFree
CreateDirectoryA
InterlockedIncrement
GlobalFree
GlobalAlloc
Sleep
EnterCriticalSection
MapViewOfFile
GetVolumeInformationA
GetTickCount
CreateMutexW
GetProcAddress
CloseHandle
CreateFileA
WriteProcessMemory

ole32

CoInitialize
OleSetContainedObject
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoCreateInstance
OleCreate
CoSetProxyBlanket

user32

DefWindowProcA
SetWindowLongA
GetParent
TranslateMessage
ScreenToClient
DestroyWindow
DispatchMessageA
GetWindow
SetWindowsHookExA
PostQuitMessage
GetWindowLongA
PeekMessageA
GetClassNameA
GetSystemMetrics
KillTimer
SetTimer
ClientToScreen
GetMessageA
RegisterWindowMessageA
SendMessageA
CreateWindowExA
GetWindowThreadProcessId
UnhookWindowsHookEx
FindWindowA
GetCursorPos

oleaut32

SysStringLen
SysAllocStringLen
SysFreeString
SysAllocString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

OpenProcessToken
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
SetTokenInformation
RegSetValueExA
GetUserNameA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
DuplicateTokenEx

shell32

SHGetFolderPathA

Exports

Exports

fxWebSvcs

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pwtfmzk
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f221ab22852d9a105316fab1b27e3478

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 976B

pwtfmzk Size: 4KB - Virtual size: 8B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 976B

pwtfmzk
Size: 4KB - Virtual size: 8B

.reloc
Size: 8KB - Virtual size: 6KB