a9185f7e178837ad9dc4ae4f04805d3f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a9185f7e178837ad9dc4ae4f04805d3f_JaffaCakes118
Size

144KB
MD5

a9185f7e178837ad9dc4ae4f04805d3f
SHA1

a354f8f9b3b9dc86ebe38cdde924d73fdc872d09
SHA256

06d4d102e9e21c3b5d11a5d08ed5e0b9bde06e7e493cd8b10267cc92c1a13de2
SHA512

f84c50abb945bcd08a91c79f4b99ced5ee2a296d681545e4ab403ee7da43427262b3dd15a919ac6a5f06ac7bbb28b3b472b9d23f14ebaab7e365917954942892
SSDEEP

3072:ABCfK0Akh+3ykoKjEzoWZ2uWJpgYgEY4BW88oL4b:ABCnKph+r0HWoL4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9185f7e178837ad9dc4ae4f04805d3f_JaffaCakes118

Files

a9185f7e178837ad9dc4ae4f04805d3f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

936e93e10335213f2a45419be057a625

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenFileMappingA
EnterCriticalSection
GetProcAddress
WriteProcessMemory
WriteFile
CreateEventA
HeapFree
CreateMutexW
LeaveCriticalSection
InterlockedIncrement
GetVolumeInformationA
GetCurrentProcess
CloseHandle
Sleep
InterlockedCompareExchange
TerminateProcess
CreateFileMappingA
CopyFileA
GetLastError
ReadProcessMemory
HeapAlloc
LocalFree
WaitForSingleObject
GetCommandLineA
LoadLibraryA
OpenEventA
GetModuleHandleA
InterlockedDecrement
GetProcessHeap
GetModuleFileNameA
CreateDirectoryA
GlobalAlloc
ExitProcess
MapViewOfFile
GetComputerNameA
GetTickCount
GlobalFree
CreateFileA
UnmapViewOfFile
CreateProcessA
SetLastError

ole32

CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateGuid
OleSetContainedObject
OleCreate
CoSetProxyBlanket

user32

GetClassNameA
DefWindowProcA
SetWindowLongA
DispatchMessageA
KillTimer
CreateWindowExA
DestroyWindow
TranslateMessage
GetParent
UnhookWindowsHookEx
ScreenToClient
SetWindowsHookExA
ClientToScreen
GetWindow
GetMessageA
PostQuitMessage
GetWindowThreadProcessId
GetWindowLongA
GetCursorPos
RegisterWindowMessageA
FindWindowA
SendMessageA
GetSystemMetrics
SetTimer
PeekMessageA

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
OpenProcessToken
RegQueryValueExA
GetUserNameA
DuplicateTokenEx
RegCreateKeyExA
RegCloseKey
SetTokenInformation

shell32

SHGetFolderPathA

Exports

Exports

CRLWebplugin

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

936e93e10335213f2a45419be057a625

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB