a7d74f7fbfea2f80b7a0a55e5da94619_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7d74f7fbfea2f80b7a0a55e5da94619_JaffaCakes118
Size

148KB
MD5

a7d74f7fbfea2f80b7a0a55e5da94619
SHA1

af9a1cb553a6886b84216f8a0eeb2d10f91d3c15
SHA256

03d2a722ec9b3f0931d437a5f7838d89bda9deeb5ef7494c93df8eae274af9fc
SHA512

54ee5ec8c3f1eca6f223e3f72ec5059a6a856a25e8cdaf11843c2e24fe833515b7f3776e8da8c15976bbbef1e7580bccf03adfcbc825871aebe191b5dceef8b9
SSDEEP

3072://9YXAt3qWsJQFBENBNLvzpQdPuVizQlbrxJp0fVnnq1qUeMTc:/1Co2NbzpgSizQ3GQsUe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7d74f7fbfea2f80b7a0a55e5da94619_JaffaCakes118

Files

a7d74f7fbfea2f80b7a0a55e5da94619_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1abfaee908123e30241b31ef10da95e4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
OpenEventA
SetLastError
CloseHandle
WaitForSingleObject
GetLastError
InterlockedIncrement
TerminateProcess
CreateFileA
CreateProcessA
HeapFree
GetProcessHeap
CreateMutexW
GetProcAddress
GetVolumeInformationA
LeaveCriticalSection
LoadLibraryA
HeapAlloc
WriteProcessMemory
GetCommandLineA
GetCurrentProcess
WriteFile
LocalFree
CreateDirectoryA
GetTickCount
GlobalFree
CreateEventA
InterlockedCompareExchange
GetModuleFileNameA
UnmapViewOfFile
GlobalAlloc
CreateFileMappingA
EnterCriticalSection
OpenFileMappingA
GetModuleHandleA
Sleep
MapViewOfFile
ReadProcessMemory
InterlockedDecrement
GetComputerNameA
CopyFileA

ole32

OleCreate
CoSetProxyBlanket
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
OleSetContainedObject
CoInitialize

user32

DispatchMessageA
TranslateMessage
RegisterWindowMessageA
SendMessageA
UnhookWindowsHookEx
GetClassNameA
GetParent
SetTimer
GetCursorPos
CreateWindowExA
GetMessageA
GetWindowLongA
PostQuitMessage
ScreenToClient
SetWindowLongA
GetWindowThreadProcessId
GetWindow
FindWindowA
PeekMessageA
GetSystemMetrics
DefWindowProcA
ClientToScreen
SetWindowsHookExA
KillTimer
DestroyWindow

oleaut32

SysStringLen
SysAllocString
SysAllocStringLen
SysFreeString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegSetValueExA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
SetTokenInformation
GetUserNameA
RegCreateKeyExA
RegDeleteKeyA
DuplicateTokenEx

shell32

SHGetFolderPathA

Exports

Exports

Wincrthid

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1abfaee908123e30241b31ef10da95e4

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 944B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 944B

.reloc
Size: 8KB - Virtual size: 6KB