a003841ead94ca25702cde2bccb3b696_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a003841ead94ca25702cde2bccb3b696_JaffaCakes118
Size

144KB
MD5

a003841ead94ca25702cde2bccb3b696
SHA1

0f00e092288ca631ac39d9a73763f1f83be0000e
SHA256

7757f1b6169e2ef0e92abe8aa4f5e38fd1f6e8495c88036582dbce1cb2f93d3e
SHA512

83e6b4f6d36f829a907a26827ef3d6f491e53aa500ba12efb844c4aae1a6fb346385fb0477521d19084aa52895078557687eadd70142179326adcb0ac91de2bd
SSDEEP

3072:o1bhK6ExndcSqGsrQ9UvZUWQH5BfgI8beP9h4GJtqyUH1Kk:o1bc6edcS3srQsG5BfP8beVbJtFUVKk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a003841ead94ca25702cde2bccb3b696_JaffaCakes118

Files

a003841ead94ca25702cde2bccb3b696_JaffaCakes118
.dll windows:4 windows x86 arch:x86

365635ef95a950f08c15033a05cb72f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
TerminateProcess
GlobalFree
CreateFileA
GlobalAlloc
GetModuleFileNameA
EnterCriticalSection
ExitProcess
WriteProcessMemory
CreateEventA
GetProcessHeap
CreateFileMappingA
GetProcAddress
HeapAlloc
Sleep
LeaveCriticalSection
GetCommandLineA
GetVolumeInformationA
InterlockedDecrement
GetTickCount
MapViewOfFile
WriteFile
HeapFree
CloseHandle
CopyFileA
CreateMutexW
UnmapViewOfFile
OpenEventA
LocalFree
CreateProcessA
GetCurrentProcess
SetLastError
InterlockedIncrement
GetComputerNameA
CreateDirectoryA
ReadProcessMemory
OpenFileMappingA
WaitForSingleObject
InterlockedCompareExchange
GetModuleHandleA
GetLastError

ole32

CoCreateInstance
CoUninitialize
CoCreateGuid
CoSetProxyBlanket
CoTaskMemAlloc
OleCreate
OleSetContainedObject
CoInitialize

user32

TranslateMessage
GetWindow
UnhookWindowsHookEx
GetCursorPos
GetWindowThreadProcessId
SetTimer
DestroyWindow
SendMessageA
ClientToScreen
FindWindowA
ScreenToClient
CreateWindowExA
DefWindowProcA
SetWindowsHookExA
PostQuitMessage
GetSystemMetrics
GetParent
RegisterWindowMessageA
GetMessageA
KillTimer
SetWindowLongA
GetWindowLongA
DispatchMessageA
PeekMessageA
GetClassNameA

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

SetTokenInformation
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
GetUserNameA
RegSetValueExA
OpenProcessToken
RegCloseKey
RegDeleteValueA
DuplicateTokenEx
RegOpenKeyExA

shell32

SHGetFolderPathA

Exports

Exports

CRLPathTask

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

365635ef95a950f08c15033a05cb72f8

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1012B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1012B

.reloc
Size: 8KB - Virtual size: 6KB