b3392e38559e847a7a5f0ec89eff760d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b3392e38559e847a7a5f0ec89eff760d_JaffaCakes118
Size

152KB
MD5

b3392e38559e847a7a5f0ec89eff760d
SHA1

9d3e560636c5e72b05e3eddcf63bd68fc437fd3d
SHA256

8d1e03efddee340e948ce5180cf1f2348ba2f45692f858db1703c47c1b110e1d
SHA512

a417008f2e51c93db68e533b7f7c08ccd6628daf31d9e4d62c130ad71bf3dfe5e3abbc6ac75c2e3832265f64d7f1a824314b11c06b39e05b37a464a456bd3439
SSDEEP

3072:oOhbLTrq/2az2S417zTt9rByH3mwp9sBz8sY1kuhLCf88kJ:9hbLTrqWSw73f1U1EYZe88kJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3392e38559e847a7a5f0ec89eff760d_JaffaCakes118

Files

b3392e38559e847a7a5f0ec89eff760d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2bc00cc87ed1da6ba57448c35e6e2595

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
WriteProcessMemory
ExitProcess
GetComputerNameA
GlobalAlloc
EnterCriticalSection
Sleep
WaitForSingleObject
GetVolumeInformationA
CopyFileA
GlobalFree
GetLastError
CreateDirectoryA
LoadLibraryA
GetProcAddress
HeapAlloc
SetLastError
GetCommandLineA
HeapFree
CreateFileA
UnmapViewOfFile
OpenEventA
ReadProcessMemory
LocalFree
WriteFile
InterlockedIncrement
GetProcessHeap
CreateProcessA
InterlockedDecrement
CreateMutexW
OpenFileMappingA
CloseHandle
GetTickCount
GetCurrentProcess
MapViewOfFile
GetModuleHandleA
LeaveCriticalSection
GetModuleFileNameA
TerminateProcess
CreateFileMappingA
InterlockedCompareExchange

ole32

CoCreateInstance
OleSetContainedObject
CoSetProxyBlanket
CoCreateGuid
CoTaskMemAlloc
CoUninitialize
CoInitialize
OleCreate

user32

GetClassNameA
UnhookWindowsHookEx
SetWindowsHookExA
PostQuitMessage
RegisterWindowMessageA
DestroyWindow
GetWindowLongA
GetSystemMetrics
TranslateMessage
GetMessageA
GetWindowThreadProcessId
DefWindowProcA
GetCursorPos
ClientToScreen
DispatchMessageA
GetWindow
ScreenToClient
PeekMessageA
CreateWindowExA
SetTimer
GetParent
FindWindowA
SetWindowLongA
KillTimer
SendMessageA

oleaut32

SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegOpenKeyExA
OpenProcessToken
RegQueryValueExA
GetUserNameA
RegDeleteValueA
DuplicateTokenEx
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
SetTokenInformation

shell32

SHGetFolderPathA

Exports

Exports

QuickMainMgmt

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bc00cc87ed1da6ba57448c35e6e2595

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 948B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 948B

.reloc
Size: 8KB - Virtual size: 6KB