b08e1a5aa76dafeeda8bd0625c32686e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b08e1a5aa76dafeeda8bd0625c32686e_JaffaCakes118
Size

156KB
MD5

b08e1a5aa76dafeeda8bd0625c32686e
SHA1

294b3db50efde66e3d5649f5e0f5f2dfead3ada9
SHA256

3ef949ca0e97482ead00f73250005bc4c8f24dbec314fa662755664692458017
SHA512

9006621b5a6a86763202a22cca74c93d0718e9ec8a2f3be099462827c919a46ff276a6c2ca31b57f40986be56672e7bd20090006d0de897a77bda7d0c80d42c8
SSDEEP

3072:6HsuQBDJMHka0YtK7egzKDMb5kUKpl+1nSbPCe55d+B8dUGc8qaIW3Q:zuQxJMEWiuDrc1Qjlom

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b08e1a5aa76dafeeda8bd0625c32686e_JaffaCakes118

Files

b08e1a5aa76dafeeda8bd0625c32686e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7b23e4cb17bf934c95608635e99bdc6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CopyFileA
ReadProcessMemory
GetTickCount
InterlockedCompareExchange
MapViewOfFile
GetVolumeInformationA
SetLastError
LocalFree
GetModuleHandleA
GetProcAddress
ExitProcess
LeaveCriticalSection
CreateDirectoryA
UnmapViewOfFile
CreateFileMappingA
GetComputerNameA
GetCommandLineA
InterlockedIncrement
GetCurrentProcess
GlobalFree
OpenEventA
OpenFileMappingA
CreateMutexW
EnterCriticalSection
HeapAlloc
WriteProcessMemory
GetProcessHeap
HeapFree
CreateEventA
Sleep
GetModuleFileNameA
LoadLibraryA
CloseHandle
GetLastError
InterlockedDecrement
CreateProcessA
CreateFileA
GlobalAlloc
WaitForSingleObject
TerminateProcess
WriteFile

ole32

CoTaskMemAlloc
CoCreateGuid
CoSetProxyBlanket
CoInitialize
CoCreateInstance
CoUninitialize
OleSetContainedObject
OleCreate

user32

ClientToScreen
TranslateMessage
SetWindowsHookExA
SetTimer
GetCursorPos
PeekMessageA
RegisterWindowMessageA
KillTimer
SendMessageA
GetMessageA
UnhookWindowsHookEx
DestroyWindow
ScreenToClient
FindWindowA
GetWindowThreadProcessId
SetWindowLongA
GetClassNameA
GetWindow
GetParent
PostQuitMessage
GetWindowLongA
GetSystemMetrics
DefWindowProcA
DispatchMessageA
CreateWindowExA

oleaut32

SysAllocString
SysStringLen
SysFreeString
SysAllocStringLen

shlwapi

StrStrIW
UrlUnescapeW

advapi32

DuplicateTokenEx
OpenProcessToken
SetTokenInformation
RegCloseKey
RegQueryValueExA
RegDeleteValueA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA

shell32

SHGetFolderPathA

Exports

Exports

BluetoothEvent32

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

btfka
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b23e4cb17bf934c95608635e99bdc6b

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 976B

btfka Size: 4KB - Virtual size: 4B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 976B

btfka
Size: 4KB - Virtual size: 4B

.reloc
Size: 8KB - Virtual size: 6KB