8383450f4d72d97fe3c5ccfd163b248a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8383450f4d72d97fe3c5ccfd163b248a_JaffaCakes118
Size

148KB
MD5

8383450f4d72d97fe3c5ccfd163b248a
SHA1

9d968e593466fe416906ec3f38734cadd966af7c
SHA256

0f231777addcee34c211424de4386a68548d8432904d94a3747595d7e01da85e
SHA512

52d7cf8f25bc7cc40e48cd9bfe2d8674ee4b30906f40d3248497ccfc0faa0a2217729da5ee91ea51eff109a29d016a2cf0107f664af9e1f05af8c1a6b68603aa
SSDEEP

3072:ovRvO9jvDBPUpNfLAeZz3/TSbnSzOgc2baU3Ww9/jlj3536gtMQ:oNUjrJUpNfLAmz7SezOgBaU3b/jljDM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8383450f4d72d97fe3c5ccfd163b248a_JaffaCakes118

Files

8383450f4d72d97fe3c5ccfd163b248a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

20841610338d8d1718b4785ecf8639ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
GetLastError
CreateEventA
GetCurrentProcess
GetVolumeInformationA
SetLastError
LeaveCriticalSection
InterlockedDecrement
HeapAlloc
InterlockedCompareExchange
LocalFree
HeapFree
WaitForSingleObject
GetModuleHandleA
ExitProcess
CopyFileA
CreateMutexW
GetProcessHeap
InterlockedIncrement
CreateFileA
OpenEventA
GetCommandLineA
WriteFile
UnmapViewOfFile
GetTickCount
ReadProcessMemory
GetModuleFileNameA
EnterCriticalSection
Sleep
WriteProcessMemory
CreateProcessA
CreateDirectoryA
OpenFileMappingA
LoadLibraryA
MapViewOfFile
CreateFileMappingA
GetProcAddress
GetComputerNameA
GlobalAlloc
CloseHandle
GlobalFree

ole32

CoTaskMemAlloc
CoUninitialize
OleSetContainedObject
CoSetProxyBlanket
CoCreateInstance
OleCreate
CoCreateGuid
CoInitialize

user32

SetWindowLongA
PeekMessageA
GetClassNameA
UnhookWindowsHookEx
RegisterWindowMessageA
DefWindowProcA
TranslateMessage
GetParent
KillTimer
DispatchMessageA
GetWindowLongA
FindWindowA
PostQuitMessage
SendMessageA
DestroyWindow
ClientToScreen
ScreenToClient
SetTimer
GetMessageA
CreateWindowExA
SetWindowsHookExA
GetWindow
GetWindowThreadProcessId
GetCursorPos
GetSystemMetrics

oleaut32

SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
DuplicateTokenEx
RegCloseKey
SetTokenInformation
RegQueryValueExA
OpenProcessToken
GetUserNameA

shell32

SHGetFolderPathA

Exports

Exports

d3dPathmm

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ujwxofb
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20841610338d8d1718b4785ecf8639ce

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 952B

ujwxofb Size: 4KB - Virtual size: 4B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 952B

ujwxofb
Size: 4KB - Virtual size: 4B

.reloc
Size: 8KB - Virtual size: 6KB