b530e227d4d4434012679275646b8cd6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b530e227d4d4434012679275646b8cd6_JaffaCakes118
Size

31KB
MD5

b530e227d4d4434012679275646b8cd6
SHA1

ec1791be166b4ab3f972d3b87233345f1e21503b
SHA256

fbbafd840c2046cb239fb6843d7497f8cda1d1ab9ad8068569b6b33f92c876b1
SHA512

378604fa68f3f22579bce766ec3ae66574aa6d74ebb2e7dfc7b8f1d783ba969d15556c0884264a2cc44fd0e3bc64eb7d6d1a4576c05e021f4cd6467a9d0b03e6
SSDEEP

768:auVGHiWUa3h44XbnuAB8HIPOGyBKFXDiH:aMPC44rBdOGH1i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b530e227d4d4434012679275646b8cd6_JaffaCakes118

Files

b530e227d4d4434012679275646b8cd6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f8cb3292ac8e9f7278e490c993dc3b4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindAtomA
GetModuleFileNameA
CreateMutexA
WriteFile
CloseHandle
GetVersion
GetTempPathA
Sleep
GetSystemTime
SystemTimeToFileTime
lstrcmpiA
GetProcAddress
SetEvent
lstrcpyA
VirtualAlloc
VirtualFree
GetWindowsDirectoryA
LoadLibraryA
WritePrivateProfileStringA
MoveFileA
GetFileSize
OpenProcess
GetVolumeInformationA
lstrcmpA
CreateEventA
GetModuleHandleA
GetLocaleInfoA
GetTickCount
FreeLibrary
GetCurrentThreadId
GetSystemDirectoryA
GetVersionExA
GetTempFileNameA
HeapAlloc
WriteProcessMemory
DeleteFileA
HeapFree
GetProcessHeap
ReadProcessMemory
ReadFile
VirtualProtectEx
VirtualQueryEx
GlobalAlloc
TerminateProcess
GlobalFree
ResumeThread
GetThreadContext
SetThreadContext
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
VirtualQuery
RtlUnwind
GetLocalTime
WaitForSingleObject
GetLastError
lstrcpynA
lstrlenA
lstrcatA
CreateFileA
CreateThread
MoveFileExA
CreateProcessA
IsDebuggerPresent

user32

SetThreadDesktop
SetWindowsHookExA
GetWindowRect
GetCursorPos
FindWindowExA
GetFocus
CallNextHookEx
PostMessageA
wsprintfA
EqualRect
GetThreadDesktop
OpenInputDesktop
GetCaretPos
IsWindowVisible
FindWindowA
InflateRect
GetWindowThreadProcessId
ClientToScreen
CloseDesktop

advapi32

RegOpenKeyExA
RegDeleteValueA
CreateProcessAsUserA
RegQueryValueExA
RegEnumValueA
OpenProcessToken
RegDeleteKeyA
RegEnumKeyExA
RegCloseKey

shlwapi

SHDeleteKeyA
SHDeleteValueA
SHSetValueA
SHGetValueA

Exports

Exports

skXInst
skXRun
skXShutdown
skXStartup
skXTest

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8cb3292ac8e9f7278e490c993dc3b4d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 13KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 13KB

.reloc
Size: 2KB - Virtual size: 1KB