8abdd43d7eaeef4bd9bfc3bdeabdfbeb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8abdd43d7eaeef4bd9bfc3bdeabdfbeb_JaffaCakes118
Size

144KB
MD5

8abdd43d7eaeef4bd9bfc3bdeabdfbeb
SHA1

e63447b0f3cf8b569e649937915f8b9497922cbb
SHA256

f3c6b60869dfdf6e3b9a92c7581acff253f2dd8a3b17dd24078f399a2be96253
SHA512

99e7e1e881faaead47d8d2bb0e0f015f308371d587fc7cce7c88ca8b76208c77e815adb574aa06cd73a429e632f3138bf095009a58322f616882f0c92596f52d
SSDEEP

3072:1imYLSY5QujZCjFORja1V16S9ubWranBxKGEJcL+0sv/SnOZBtaiQWmYqMr4hjfl:8vLB59jZCjFORjaV16yubyanJ+0m/STD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8abdd43d7eaeef4bd9bfc3bdeabdfbeb_JaffaCakes118

Files

8abdd43d7eaeef4bd9bfc3bdeabdfbeb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2598d695161f5d942deaeaac5cb267eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadProcessMemory
EnterCriticalSection
GetModuleHandleA
GetTickCount
TerminateProcess
CopyFileA
ExitProcess
CloseHandle
GlobalAlloc
CreateFileA
GetComputerNameA
CreateEventA
GetVolumeInformationA
Sleep
CreateMutexW
OpenEventA
InterlockedCompareExchange
CreateFileMappingA
GetCommandLineA
InterlockedIncrement
GetModuleFileNameA
UnmapViewOfFile
LeaveCriticalSection
GetProcessHeap
MapViewOfFile
CreateDirectoryA
OpenFileMappingA
WriteFile
SetLastError
GetCurrentProcess
CreateProcessA
LocalFree
WaitForSingleObject
HeapFree
GetLastError
GlobalFree
LoadLibraryA
WriteProcessMemory
HeapAlloc
GetProcAddress
InterlockedDecrement

ole32

OleCreate
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoCreateGuid
CoInitialize
OleSetContainedObject
CoSetProxyBlanket

user32

GetWindowLongA
GetParent
DestroyWindow
GetSystemMetrics
ScreenToClient
SetWindowLongA
GetCursorPos
DispatchMessageA
DefWindowProcA
SendMessageA
UnhookWindowsHookEx
GetMessageA
CreateWindowExA
SetTimer
PostQuitMessage
ClientToScreen
TranslateMessage
SetWindowsHookExA
GetWindowThreadProcessId
PeekMessageA
FindWindowA
GetClassNameA
KillTimer
GetWindow
RegisterWindowMessageA

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
SysFreeString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegCreateKeyExA
RegOpenKeyExA
GetUserNameA
RegCloseKey
RegSetValueExA
OpenProcessToken
RegDeleteKeyA
SetTokenInformation
DuplicateTokenEx
RegDeleteValueA
RegQueryValueExA

shell32

SHGetFolderPathA

Exports

Exports

appUserppm

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2598d695161f5d942deaeaac5cb267eb

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB