74bbe66684782c9d5c199569564cdd43_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

74bbe66684782c9d5c199569564cdd43_JaffaCakes118
Size

148KB
MD5

74bbe66684782c9d5c199569564cdd43
SHA1

440401543f764846b7f44bf1a47ddbd2db010bfe
SHA256

8e1e4effc1ae5bc136cabaccbb569b1c37e9f8a7ae1a83d11b97bf0bc0e1384d
SHA512

37a09e4bd381131be1e5338ae2c21bc106a7e73f68692e92a193f2d0f2ef31f9478a8f48124bc5a48907257952d06accf5231429fddcbd37586cb02e615db57b
SSDEEP

3072:8JtfYEp/xugiuh/fsSjnBqVC9wiyU5QVtvpALLV035yKzWg0:8JpYEp/xFNRBqVC9Xy8Q3vpAuJjx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74bbe66684782c9d5c199569564cdd43_JaffaCakes118

Files

74bbe66684782c9d5c199569564cdd43_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1c3800c38ff5a352873e6b94c10a9fbc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
GetProcAddress
ReadProcessMemory
TerminateProcess
MapViewOfFile
OpenEventA
HeapFree
GetVolumeInformationA
GetModuleFileNameA
CreateDirectoryA
HeapAlloc
WaitForSingleObject
SetLastError
CopyFileA
ExitProcess
GlobalFree
CreateMutexW
LeaveCriticalSection
InterlockedCompareExchange
LocalFree
LoadLibraryA
GetTickCount
WriteProcessMemory
InterlockedIncrement
GetCurrentProcess
GlobalAlloc
CreateFileA
GetComputerNameA
GetModuleHandleA
CloseHandle
InterlockedDecrement
OpenFileMappingA
GetCommandLineA
WriteFile
UnmapViewOfFile
GetLastError
CreateFileMappingA
CreateEventA
EnterCriticalSection
Sleep
CreateProcessA

ole32

OleCreate
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoCreateGuid
CoTaskMemAlloc
OleSetContainedObject
CoInitialize

user32

FindWindowA
GetWindowThreadProcessId
SetTimer
KillTimer
GetMessageA
RegisterWindowMessageA
GetWindowLongA
UnhookWindowsHookEx
GetParent
SendMessageA
PostQuitMessage
GetClassNameA
ScreenToClient
DestroyWindow
ClientToScreen
SetWindowsHookExA
SetWindowLongA
DispatchMessageA
GetWindow
GetCursorPos
PeekMessageA
DefWindowProcA
CreateWindowExA
GetSystemMetrics
TranslateMessage

oleaut32

SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

GetUserNameA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegDeleteValueA
DuplicateTokenEx
OpenProcessToken
RegCreateKeyExA
RegOpenKeyExA
SetTokenInformation
RegSetValueExA

shell32

SHGetFolderPathA

Exports

Exports

BluetoothEventxx

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bvrpcw
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c3800c38ff5a352873e6b94c10a9fbc

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 988B

bvrpcw Size: 4KB - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 988B

bvrpcw
Size: 4KB - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 6KB