731fd1b06fa5f64544cf59d8a7f730c8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

731fd1b06fa5f64544cf59d8a7f730c8_JaffaCakes118
Size

68KB
MD5

731fd1b06fa5f64544cf59d8a7f730c8
SHA1

152e2dc6569aeec3e083c1379518d20ae17ac418
SHA256

5a738ddfaaf9af6b0edaeeef5fdc26644ba0e3244691671a447a01d4f23fb556
SHA512

0929a912be5775ffa61c0f17f71f66d93fcf7970e189c2900ba7330459ec520172a1f1b85c10f480e5d37ccb95ee253f849106076660743cdb55a0edf0320a30
SSDEEP

1536:4IRTzHbpLR8caTt4KkzZ+7o3IQGJVodV:4MccLlF+7o3IQGJVodV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
731fd1b06fa5f64544cf59d8a7f730c8_JaffaCakes118

Files

731fd1b06fa5f64544cf59d8a7f730c8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

82dbf73f4eab8c54bc592f69fe8c16e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetLastError
GetCurrentProcess
RemoveDirectoryA
GetSystemDefaultLangID
GetSystemDirectoryA
GetWindowsDirectoryA
GetShortPathNameA
WinExec
MoveFileExA
CreateDirectoryA
OpenProcess
DeleteFileA
MultiByteToWideChar
GetProcAddress
CloseHandle
LoadLibraryA
TerminateProcess
FindResourceA
TlsGetValue
SetHandleCount
GetStdHandle
LCMapStringW
HeapSize
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
LCMapStringA
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW

advapi32

RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance

shlwapi

SHDeleteKeyA

Exports

Exports

ManagerShortCut
ManagerShortCutEx
UnInstall_OldKw

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82dbf73f4eab8c54bc592f69fe8c16e1

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 904B

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 904B

.reloc
Size: 8KB - Virtual size: 4KB