b737a6ccc57089e59e209e117a812e0f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b737a6ccc57089e59e209e117a812e0f_JaffaCakes118
Size

152KB
MD5

b737a6ccc57089e59e209e117a812e0f
SHA1

dde83ce7d7476ab2afa234f31818ebffbdbf47bf
SHA256

5f4dcfb0e9b680cfc931dcc42ace692b4a162249b6c6c8608b3c9aa2b9e7f04d
SHA512

1102b26398828faa691838911694c827577663b6a1f72588c36f92285dc5f79c3adc69162967bea3ed238d76f705b97a0a5e75762921465c038dacbec366c20b
SSDEEP

3072:xVSdvzz8ewlUf+6oBAG766y8BFq0/pgiVXVYNbDrRXwWmSj:bgvzz8fq+6CAGmiBA068XVwvxj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b737a6ccc57089e59e209e117a812e0f_JaffaCakes118

Files

b737a6ccc57089e59e209e117a812e0f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7d1290c50532e5acd662224162efcf72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
WriteFile
GetLastError
GetComputerNameA
LeaveCriticalSection
GetTickCount
GlobalAlloc
GetProcessHeap
WriteProcessMemory
CreateDirectoryA
UnmapViewOfFile
InterlockedDecrement
CreateProcessA
Sleep
HeapFree
CloseHandle
OpenFileMappingA
TerminateProcess
LoadLibraryA
ExitProcess
ReadProcessMemory
GetProcAddress
GetCurrentProcess
InterlockedCompareExchange
CreateEventA
CreateFileA
GetModuleFileNameA
EnterCriticalSection
CreateMutexW
GetVolumeInformationA
SetLastError
InterlockedIncrement
CopyFileA
GlobalFree
HeapAlloc
OpenEventA
GetModuleHandleA
LocalFree
WaitForSingleObject
CreateFileMappingA
GetCommandLineA

ole32

CoTaskMemAlloc
OleSetContainedObject
CoCreateInstance
CoUninitialize
OleCreate
CoCreateGuid
CoInitialize
CoSetProxyBlanket

user32

PostQuitMessage
ClientToScreen
TranslateMessage
GetSystemMetrics
DispatchMessageA
KillTimer
SetWindowLongA
GetCursorPos
RegisterWindowMessageA
GetWindowLongA
GetParent
FindWindowA
GetWindow
SetTimer
DefWindowProcA
SendMessageA
GetClassNameA
DestroyWindow
CreateWindowExA
PeekMessageA
GetWindowThreadProcessId
SetWindowsHookExA
UnhookWindowsHookEx
ScreenToClient
GetMessageA

oleaut32

SysStringLen
SysAllocString
SysFreeString
SysAllocStringLen

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegSetValueExA
GetUserNameA
RegOpenKeyExA
SetTokenInformation
OpenProcessToken
RegCreateKeyExA
DuplicateTokenEx
RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegDeleteValueA

shell32

SHGetFolderPathA

Exports

Exports

Agerecrtclass

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cjz
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d1290c50532e5acd662224162efcf72

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 964B

cjz Size: 4KB - Virtual size: 16B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 964B

cjz
Size: 4KB - Virtual size: 16B

.reloc
Size: 8KB - Virtual size: 6KB