8879e9ca4b0e8d3300004006b0e191cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8879e9ca4b0e8d3300004006b0e191cc_JaffaCakes118
Size

348KB
MD5

8879e9ca4b0e8d3300004006b0e191cc
SHA1

344a84cf0b24c32b9a69b82d21ef34a14007bf13
SHA256

706d936c297e35543859aaeae2695827e747a55732a417ab4be79258dcf3f257
SHA512

c9ad4121d9673620a1127f998965c3cac0975da0a27d9d27bfc7a1ea730c26828292794699c9d33169ae33aea9146632212728b553192eb8e66ffdeb6853a642
SSDEEP

6144:e6aOgFjz2R2+MDmpBU4d0ZUOqugpcCUJ7Nvb5jf5sIh4W/x7tR8:LVgFjz2R2bDmpF3+GcdJ7NvNL4UtR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8879e9ca4b0e8d3300004006b0e191cc_JaffaCakes118

Files

8879e9ca4b0e8d3300004006b0e191cc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

50c8d94456cd3fdf6909cb2814bdc9bd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
FindResourceExW
ResetEvent
FindFirstChangeNotificationW
WritePrivateProfileStringW
LoadLibraryW
GetModuleHandleW
CreateWaitableTimerW
WideCharToMultiByte
GlobalLock
CreateProcessW
lstrcpyW
GlobalDeleteAtom
GetModuleFileNameW
VirtualAlloc
CreateFileW
GetSystemTime
GetLocalTime
FindNextChangeNotification
WaitForSingleObject
GetLogicalDrives
DuplicateHandle
SetWaitableTimer
MultiByteToWideChar
GlobalAlloc
GetCurrentProcessId
Sleep
SetThreadPriority
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
HeapSize
IsBadReadPtr
LoadLibraryA
VirtualFree
VirtualProtect
ResumeThread
QueryDosDeviceW
WaitForMultipleObjects
FindFirstFileW
GetFileAttributesW
GetDriveTypeW
WriteFile
GetCurrentProcess
CancelWaitableTimer
MulDiv
GetUserDefaultLangID
GlobalUnlock
FreeResource
GetFileAttributesExW
FindResourceW
CreateEventW
FileTimeToSystemTime
ReadFile
SetEvent
GetLastError
SetEndOfFile
SetLastError
InterlockedDecrement
LockResource
SuspendThread
GetTickCount
GlobalFree
GetProcAddress
TerminateThread

user32

SetCapture
ReleaseCapture
GetWindowTextW
SetWindowPos
SetCursor
SetCursorPos
FillRect
DispatchMessageW
LoadBitmapW
CreateWindowExW
PostQuitMessage
InvalidateRect
SetLayeredWindowAttributes
TranslateMessage
EndDialog
GetDlgItem
GetMessageW
IsWindow
UpdateWindow
DestroyIcon
GetWindowRect
LoadCursorW
RegisterWindowMessageW
LoadImageW
GetWindowThreadProcessId
GetCursorPos
SetWindowTextW
PostMessageW
wsprintfW
PostThreadMessageW
EnableWindow
DestroyMenu
ReleaseDC
RegisterClassExW
IsDlgButtonChecked
GetSysColor
RegisterHotKey
GetKeyState
DialogBoxParamW

gdi32

CreateBitmap
GetObjectW
SetMapMode
MoveToEx
CreateCompatibleBitmap
StretchBlt
SelectObject
BitBlt
CreateICW
GetDeviceCaps
GetStockObject
SetTextColor
Rectangle
CreateFontIndirectW
CreateDCW
CreateRoundRectRgn
SetBkColor
SetBkMode

advapi32

RegCloseKey
RegNotifyChangeKeyValue
LookupPrivilegeValueW
RegDeleteValueW
RegQueryValueExW
InitializeSecurityDescriptor
StartServiceW
SetSecurityDescriptorDacl
GetUserNameW

shell32

Shell_NotifyIconW
SHChangeNotify

ole32

CoInitialize
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString

Sections

.text
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50c8d94456cd3fdf6909cb2814bdc9bd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 324KB - Virtual size: 322KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 324KB - Virtual size: 322KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 2KB