ac1b85a43aff5562c643ae4c02c07b38_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ac1b85a43aff5562c643ae4c02c07b38_JaffaCakes118
Size

76KB
MD5

ac1b85a43aff5562c643ae4c02c07b38
SHA1

40948988aa21db8fadf1d732cb02f12d71387499
SHA256

884f81a159d1d9484980415d92de094227b0b1c739287e6483d63edc7de96c75
SHA512

8769b7564779277f9ef2ef0302c45127adedd2452ea6e49754918101de7149569b0256d034637b9e4e293818a974d500b87af3c299493300a8dc5e978d8ae0f5
SSDEEP

1536:WUpq7HC06c1tvy78AHJZTt3Pwp1HH2eg5r+E:Wkfcny78A7h3Ip1HHqx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac1b85a43aff5562c643ae4c02c07b38_JaffaCakes118

Files

ac1b85a43aff5562c643ae4c02c07b38_JaffaCakes118
.dll windows:4 windows x86 arch:x86

46465964c2430f483870cf8fde5da529

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
SetLastError
InitializeCriticalSectionAndSpinCount
CreateDirectoryA
VirtualQuery
CloseHandle
Sleep
SetEvent
GetProcAddress
CreateFileMappingA
lstrlenW
CreateProcessA
GetSystemTimeAsFileTime
GetTickCount
GetVolumeInformationA
GetTimeZoneInformation
IsProcessorFeaturePresent
GetFileAttributesA
GetCurrentProcessId
GetCurrentThreadId
UnregisterWaitEx
FileTimeToSystemTime
GetCommModemStatus
GetWindowsDirectoryA
RegisterWaitForSingleObject
PostQueuedCompletionStatus
RegisterWaitForSingleObjectEx
WaitForMultipleObjectsEx
ReadFile
GetSystemTimeAdjustment
HeapDestroy
HeapCompact
FreeConsole
GetFileTime
IsValidLanguageGroup
WaitNamedPipeW
GlobalGetAtomNameW
EndUpdateResourceA
ExpandEnvironmentStringsA
SetCurrentDirectoryA
GetBinaryTypeA
GetVersionExA
lstrcatW
SetHandleInformation
SetConsoleMode
GetFileAttributesW
WaitForSingleObjectEx
GetCommMask
GetEnvironmentStrings
SetCurrentDirectoryW
SetConsoleWindowInfo
LocalHandle
WinExec
SetConsoleTextAttribute
VirtualAllocEx
GetVolumePathNameW
TerminateThread
OpenFileMappingA
FindAtomW
MoveFileA
OpenProcess
HeapLock
SetConsoleCursorPosition
GetLongPathNameW
RtlUnwind
GetDateFormatA
InterlockedExchangeAdd
CreateMutexW
FileTimeToLocalFileTime
LockFileEx
GetLogicalDriveStringsA
SetProcessWorkingSetSize
GetProfileStringA
ReleaseMutex
GetSystemTime
GetUserDefaultLCID
GetSystemWindowsDirectoryA
GetThreadContext
GetDiskFreeSpaceA
SetVolumeLabelW
WaitForMultipleObjects
LockResource

ole32

CreateItemMoniker
CoRegisterMessageFilter
OleDraw
OleCreateLink
StringFromIID
CoEnableCallCancellation
OleSetContainedObject
OleCreateStaticFromData
CoGetMalloc
StgCreateDocfileOnILockBytes
OleSaveToStream
RevokeDragDrop
OleSave
CoGetInterfaceAndReleaseStream
IIDFromString
GetRunningObjectTable
CoTaskMemRealloc
OleCreateMenuDescriptor
CoTaskMemAlloc
CoInitialize

shlwapi

PathIsURLW
StrToIntA
SHRegSetPathW
UrlEscapeW
PathCompactPathW
PathBuildRootW
StrCmpIW
StrRChrW
SHGetValueW
StrFormatByteSizeW
PathGetCharTypeW
SHRegGetBoolUSValueW
wnsprintfW
UrlUnescapeW
SHSetValueA
PathFindNextComponentW
PathCombineW
SHDeleteKeyW

shell32

ShellExecuteA
SHGetSettings
SHGetPathFromIDListW
DragAcceptFiles
SHFileOperationW
SHCreateShellItem

Exports

Exports

CPlApplet

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46465964c2430f483870cf8fde5da529

Headers

File Characteristics

Imports

kernel32

ole32

shlwapi

shell32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB