885348f56295aa02411f05c09f40dd2f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

885348f56295aa02411f05c09f40dd2f_JaffaCakes118
Size

148KB
MD5

885348f56295aa02411f05c09f40dd2f
SHA1

a56aa241891dcb18dbe1c4e56bc3223a5e20e62a
SHA256

2b8ba3345ec7cafc1ea91b4f8e8241e3772565b911e3e5306a672fcc4eb3cd64
SHA512

a6b842452fa8f12a928bb3b92a35b3ca28d1ab4fd965085c35128419cc214410a63334753f86d9788a0d64508976f959ae4f0ce4999ed91a570300aea6763cb7
SSDEEP

3072:pOYdWWmGM9vaFOeMy32pLhG/N4MwpNAS6TfFHxxXLodeRaLnIa:pHdWtGmiFjMLhG/N8pNeTNHjoRLnI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
885348f56295aa02411f05c09f40dd2f_JaffaCakes118

Files

885348f56295aa02411f05c09f40dd2f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f94b149b21cde309a8d4e94ec20b4225

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
GetCurrentProcess
Sleep
UnmapViewOfFile
GetModuleHandleA
OpenEventA
GlobalFree
InterlockedCompareExchange
GetProcessHeap
GetVolumeInformationA
WriteFile
CreateDirectoryA
CreateFileMappingA
GetProcAddress
GetModuleFileNameA
ExitProcess
InterlockedIncrement
WriteProcessMemory
CreateProcessA
CopyFileA
GetCommandLineA
MapViewOfFile
GlobalAlloc
ReadProcessMemory
CreateEventA
WaitForSingleObject
LocalFree
OpenFileMappingA
CloseHandle
GetTickCount
HeapFree
LeaveCriticalSection
InterlockedDecrement
CreateFileA
HeapAlloc
EnterCriticalSection
CreateMutexW
LoadLibraryA
GetLastError
GetComputerNameA
SetLastError

ole32

CoInitialize
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
OleCreate
CoCreateInstance
CoSetProxyBlanket
OleSetContainedObject

user32

ScreenToClient
UnhookWindowsHookEx
GetMessageA
SendMessageA
RegisterWindowMessageA
GetWindow
FindWindowA
SetTimer
SetWindowsHookExA
DispatchMessageA
ClientToScreen
CreateWindowExA
GetWindowThreadProcessId
KillTimer
GetParent
DefWindowProcA
PostQuitMessage
DestroyWindow
PeekMessageA
GetCursorPos
GetClassNameA
GetWindowLongA
TranslateMessage
SetWindowLongA
GetSystemMetrics

oleaut32

SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegSetValueExA
RegDeleteKeyA
SetTokenInformation
RegCreateKeyExA
DuplicateTokenEx
RegDeleteValueA
OpenProcessToken
RegQueryValueExA
GetUserNameA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathA

Exports

Exports

nsapilib

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f94b149b21cde309a8d4e94ec20b4225

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 1008B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 1008B

.reloc
Size: 8KB - Virtual size: 6KB