70b00f1e4437842854badea1a6d01416_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

70b00f1e4437842854badea1a6d01416_JaffaCakes118
Size

132KB
MD5

70b00f1e4437842854badea1a6d01416
SHA1

8d0b70f25620def8eef34c4f9cb07cdcfac8c763
SHA256

b57348dbd8fdf53cb0f535339a28bc0a8c597d61c8234650d2790e1a75f3b1ec
SHA512

3f8f3fb0fcc10d05d9a3ed8ed195b0d76f564a167818237b1f64c8532a4b4d465cd82239958afc093b5e7f53f2aedadd531cd3721999d1db93d92e3745575b7c
SSDEEP

3072:tLs7Ja3NePAcoyR92yawlV2p1ABsJo8m2KnF4X4oCpC7:SiNMV8wQaBbNMXe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70b00f1e4437842854badea1a6d01416_JaffaCakes118

Files

70b00f1e4437842854badea1a6d01416_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d1da1db9d52eea1428f9003cec814eda

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
Sleep
InterlockedCompareExchange
LCMapStringW
GetVersionExW
GetModuleFileNameW
GetStringTypeA
LCMapStringA
GetOEMCP
GetCPInfo
InterlockedExchange
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
ExitProcess
GetWindowsDirectoryA
TlsGetValue
TlsSetValue
InterlockedDecrement
InterlockedIncrement
GetSystemDefaultLCID
GetUserDefaultLCID
GetCommandLineA
GetACP
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetExitCodeThread
CreateThread
DeviceIoControl
CreateFileA
GetProcessHeap
lstrcpyA
lstrlenA
lstrcatA
GlobalFree
WriteFile
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
DisableThreadLibraryCalls
GetFileInformationByHandle
VirtualProtect
GetEnvironmentStringsW
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetVersion
HeapAlloc
HeapFree
RtlUnwind
GetStringTypeW

user32

SendDlgItemMessageA
SetFocus
DialogBoxParamA
SetWindowLongA
SetDlgItemTextA
EndDialog
GetWindowLongA
GetDlgItem
LoadStringA
PeekMessageA
MsgWaitForMultipleObjects
GetDlgItemTextA
GetWindowTextA
MessageBoxA

advapi32

CryptImportKey
CopySid
GetLengthSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
IsValidSid
RegCreateKeyW
RegSetValueExW
LookupAccountSidW
RegQueryValueA
IsTextUnicode
RegOpenKeyA
RegEnumKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
CryptReleaseContext
CryptDestroyHash
CryptGetUserKey
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptExportKey
CryptGenRandom
CryptDestroyKey
CryptAcquireContextA

ole32

CoCreateGuid
CoGetMalloc
CLSIDFromString
CoCreateInstance
CLSIDFromProgID
CreateBindCtx
CoTaskMemFree
StringFromGUID2

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1da1db9d52eea1428f9003cec814eda

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 45KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 45KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB