899e93b9b93c75add07faf0f45943039_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

899e93b9b93c75add07faf0f45943039_JaffaCakes118
Size

17KB
MD5

899e93b9b93c75add07faf0f45943039
SHA1

1cad279146a6dc320ef8306d6632937c7c023538
SHA256

4b832e8b5a863c6aa996d617a09dd21f8a076a3b127698b4e56a0d583de14f47
SHA512

cdea9760914e3c7fa72f63911b608fe40d43da85749971401c42cfefb9b1ca27d3d491d28c5de197c90022079d07b0aee775c875793df4144212ecf223cd3c6c
SSDEEP

384:ec169NAYODT3lIbeQsqoxTo8R979vKyyctzB/IiX:PQFyg6jVo8R9793ysz9J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
899e93b9b93c75add07faf0f45943039_JaffaCakes118

Files

899e93b9b93c75add07faf0f45943039_JaffaCakes118
.dll windows:1 windows x86 arch:x86

5c0d510b37a4a6be83435d06fc5e09ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateDirectoryW
CreateFileA
CreateFileW
CreateFileMappingA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
FindFirstFileA
FindNextFileA
FreeLibrary
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetSystemDirectoryA
GetVolumeInformationA
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MoveFileA
MoveFileExA
OpenFileMappingA
RemoveDirectoryA
SetFilePointer
Sleep
SleepEx
UnmapViewOfFile
VirtualAlloc
VirtualProtect
WriteFile
lstrcatA
lstrcmpW
lstrcpyA

user32

CreateDialogParamW
CreateWindowExW
DefWindowProcW
ExitWindowsEx
FindWindowW
GetAsyncKeyState
GetClassInfoExW
GetCursorPos
GetDlgItem
IsDialogMessageW
IsWindowVisible
KillTimer
RegisterClassExW
SendMessageA
SetLayeredWindowAttributes
SetTimer
SetWindowLongA
SetWindowTextW
ShowWindow
wsprintfA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA

wininet

FtpCreateDirectoryA
FtpPutFileA
FtpSetCurrentDirectoryA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA

wintrust

WinVerifyTrust

shell32

SHGetFolderPathA
ShellExecuteExA
StrRChrA

ntdll

RtlAdjustPrivilege

Exports

Exports

AddProcessExclusion
GetChangeRect
GetChangedWindowList
IsTitleBarButtonPressed
RemoveProcessExclusion
SetButtonXOffset
SetSingleWindow
ShowTitleBarButton
StartHooks
StopHooks

Sections

.code
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edat
Size: 512B - Virtual size: 322B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

5c0d510b37a4a6be83435d06fc5e09ad

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

wintrust

shell32

ntdll

Exports

Exports

Sections

.code Size: 11KB - Virtual size: 11KB

.idat Size: 2KB - Virtual size: 2KB

.edat Size: 512B - Virtual size: 322B

.reloc Size: 1KB - Virtual size: 1KB

.code
Size: 11KB - Virtual size: 11KB

.idat
Size: 2KB - Virtual size: 2KB

.edat
Size: 512B - Virtual size: 322B

.reloc
Size: 1KB - Virtual size: 1KB