873ab63b74a3262b89cf2f3084dc2598_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

873ab63b74a3262b89cf2f3084dc2598_JaffaCakes118
Size

98KB
MD5

873ab63b74a3262b89cf2f3084dc2598
SHA1

c04be0895831fbca7644c74af48fbb25bc3c9fbe
SHA256

3c4e2158adb948d64d3c969464dd38abd39bbb03b2663aca29658bd760da87fd
SHA512

1a30f9f7dc3fd117b2d26bd47b1821e15a12fde4f5dc260ae7ad85763e6a934848711f4ef49ad290445cfc64ce49fa3758e83f3ffd07910d280390a670992670
SSDEEP

1536:18sSPheZSkfzjORXc9sSmXR8bWmCyiKY++MCXaXhXoreV:eeBPOeqXunC9NU5V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
873ab63b74a3262b89cf2f3084dc2598_JaffaCakes118

Files

873ab63b74a3262b89cf2f3084dc2598_JaffaCakes118
.dll windows:5 windows x86 arch:x86

b8d3f388fbec8aff23ac01af8cc1ce84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcscpy
wcscspn
wcsspn
wcspbrk
wcsstr
wcsncpy
wcsxfrm
wcscat
_getwch
wcschr
memcpy
strcpy

kernel32

GetModuleHandleA
GetFileTime
GetSystemTime
GlobalMemoryStatus
FindResourceA
SystemTimeToFileTime
CompareFileTime
CreateDirectoryW
UnlockFile
LockFile
GetProcessHeap
HeapDestroy
GetLastError
LockFileEx
LocalAlloc
LockResource
RemoveDirectoryW
OpenEventW
CloseHandle
EnumResourceLanguagesW
LocalFree
SuspendThread
ResumeThread
VirtualProtectEx
InterlockedExchange
LoadLibraryA
RaiseException
LoadResource
WaitForSingleObject
GetModuleFileNameW
OpenFileMappingW
GetCurrentProcess
GetModuleHandleW
FreeLibrary
MulDiv
GetProcAddress

user32

TranslateAcceleratorA
GetWindowTextA
OffsetRect
TranslateMessage
BeginPaint
SetParent
GetParent
DrawTextA
ScreenToClient
SetWindowRgn
GetMessageA
ClientToScreen
EndPaint
GetClipboardOwner
CreateWindowExA
MessageBoxA
GetDC
IsCharAlphaW
DestroyWindow
GetWindowRgn
ShowWindow
DispatchMessageA
SetWindowTextA
SwitchToThisWindow
CloseWindow
ValidateRgn
MoveWindow
IntersectRect
UnionRect
IsWindowVisible

gdi32

GetDCPenColor
DPtoLP
SetDCPenColor
Chord
GetTextMetricsA
GetPixel
RestoreDC
GetDCOrgEx
DeleteObject
CreateCompatibleDC
SetMapperFlags
CreateRectRgn
GetCharWidthA

advapi32

ReadEventLogW
ReportEventA
GetOldestEventLogRecord
DeregisterEventSource
GetKernelObjectSecurity
OpenBackupEventLogW
OpenEventLogW
ReadEncryptedFileRaw
OpenEncryptedFileRawA

Exports

Exports

_ModifyFileFlagBits@4
_SetFileData@4
_SetFileFlags@4
_UpdateCurrentFilePos@16
_UpdateFlagsForFile@12

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA2
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IMPORTS
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

KDATA
Size: 512B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 786B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8d3f388fbec8aff23ac01af8cc1ce84

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

DATA2 Size: 1024B - Virtual size: 944B

IMPORTS Size: 3KB - Virtual size: 2KB

KDATA Size: 512B - Virtual size: 564B

.rsrc Size: 81KB - Virtual size: 80KB

.reloc Size: 1024B - Virtual size: 786B

.text
Size: 11KB - Virtual size: 10KB

DATA2
Size: 1024B - Virtual size: 944B

IMPORTS
Size: 3KB - Virtual size: 2KB

KDATA
Size: 512B - Virtual size: 564B

.rsrc
Size: 81KB - Virtual size: 80KB

.reloc
Size: 1024B - Virtual size: 786B