88897246cad17e60f82e2583be75f25e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

88897246cad17e60f82e2583be75f25e_JaffaCakes118
Size

168KB
MD5

88897246cad17e60f82e2583be75f25e
SHA1

9bc1583609bf5afc10aa571c991fdeb905863871
SHA256

eb5adb4855fc4be4ed8b99afb9bea6ff0f88570df71f578b87ee4a5e409f98f1
SHA512

227783cc3c52997700f19c2439113131a5499c704436de853b983f56733deac5507c860347dcf2cdcd08121040ba53d324592018256ee21022792f6c6c982cae
SSDEEP

3072:uTzk+H38q1c83jadA2nHN6k7vnESofMqqDLy/OjwEsTaFAB6KgxVkw:qMqXjadpt7nEGqqDLur/aFNFxN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88897246cad17e60f82e2583be75f25e_JaffaCakes118

Files

88897246cad17e60f82e2583be75f25e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f4a3d6fb9d376b806e87d0b3c8179d86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
WaitForSingleObject
GetModuleHandleW
GetCommandLineW
GetFullPathNameW
CreateEventW
GetCurrentDirectoryW
GetStdHandle
WriteConsoleW
WideCharToMultiByte
WriteFile
GetFileType
GetConsoleMode
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
InterlockedIncrement
GetModuleHandleA
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
HeapAlloc
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
lstrlenW
VirtualProtect
lstrcatW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetLocalTime
CloseHandle
CreateFileW
GetCurrentProcess
LoadLibraryW
FreeLibrary
MultiByteToWideChar
GetProcAddress
LocalAlloc
LocalFree
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
QueryPerformanceCounter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
RtlUnwind
GetVersion
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStringTypeW

user32

LoadStringW
GetDlgItem
SetWindowLongW
EndDialog
EnableWindow
CheckDlgButton
ShowWindow
SendMessageW
WinHelpW
SetWindowTextW
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
IsDlgButtonChecked

advapi32

ReportEventW
CryptExportKey
CryptImportKey
CryptGenRandom
CryptDestroyHash
RegSetValueExW
CryptGetUserKey
CryptGetKeyParam
CryptDestroyKey
CryptGetProvParam
RegOpenKeyExW
RegQueryValueExW
RevertToSelf
CryptReleaseContext
CryptAcquireContextW
CryptSetProvParam
RegConnectRegistryW
RegCloseKey
RegCreateKeyExW
RegisterEventSourceW
DeregisterEventSource

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4a3d6fb9d376b806e87d0b3c8179d86

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Sections

.text Size: 84KB - Virtual size: 81KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 60KB - Virtual size: 102KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 84KB - Virtual size: 81KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 60KB - Virtual size: 102KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 4KB