8e7d7e5daa8919081bf2bad760113f58_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8e7d7e5daa8919081bf2bad760113f58_JaffaCakes118
Size

16KB
MD5

8e7d7e5daa8919081bf2bad760113f58
SHA1

cb0f6920ce9eb00a19d8e0280184ec0081e9e2f0
SHA256

00e9a22a5abc229677e47eda6627448e3799f931bd930a083e33df8b0845c6bd
SHA512

0b8b7bb9e3c034fb2b63fb481c9a72aff0285c45f435bcb7388cde9450e75c62e1e10d1663293f1913050d42a73624d26e82f70cd51d8e8f8525dc072f783cdc
SSDEEP

384:P3F+Rx71y/ArPAIeiQXcTfaRBDe499170ctkh4NT:9qfBFQESe49b0skU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e7d7e5daa8919081bf2bad760113f58_JaffaCakes118

Files

8e7d7e5daa8919081bf2bad760113f58_JaffaCakes118
.dll windows:1 windows x86 arch:x86

846e19e10cd18df63664747ff2f335e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateDirectoryW
CreateFileA
CreateFileW
CreateFileMappingA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
FindFirstFileA
FindNextFileA
FreeLibrary
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetSystemDirectoryA
GetVolumeInformationA
GlobalAlloc
GlobalFree
HeapAlloc
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MoveFileA
MoveFileExA
OpenFileMappingA
SetFilePointer
Sleep
UnmapViewOfFile
VirtualAlloc
VirtualProtect
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpW
lstrcpyA

user32

CreateDialogParamW
CreateWindowExW
DefWindowProcW
ExitWindowsEx
FindWindowW
GetAsyncKeyState
GetClassInfoExW
GetCursorPos
GetDlgItem
IsDialogMessageW
IsWindowVisible
KillTimer
RegisterClassExW
SendMessageA
SetLayeredWindowAttributes
SetTimer
SetWindowLongA
SetWindowTextW
ShowWindow
wsprintfA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA

wininet

FtpCreateDirectoryA
FtpPutFileA
FtpSetCurrentDirectoryA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA

wintrust

WinVerifyTrust

shell32

SHGetFolderPathA
StrRChrA

ntdll

RtlAdjustPrivilege

Exports

Exports

AddProcessExclusion
GetChangeRect
GetChangedWindowList
IsTitleBarButtonPressed
RemoveProcessExclusion
SetButtonXOffset
SetSingleWindow
ShowTitleBarButton
StartHooks
StopHooks

Sections

.code
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edat
Size: 512B - Virtual size: 322B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

846e19e10cd18df63664747ff2f335e3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

wintrust

shell32

ntdll

Exports

Exports

Sections

.code Size: 11KB - Virtual size: 10KB

.idat Size: 2KB - Virtual size: 2KB

.edat Size: 512B - Virtual size: 322B

.reloc Size: 1KB - Virtual size: 1KB

.code
Size: 11KB - Virtual size: 10KB

.idat
Size: 2KB - Virtual size: 2KB

.edat
Size: 512B - Virtual size: 322B

.reloc
Size: 1KB - Virtual size: 1KB