b89b6a2196023efd7bc09ae52520123a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b89b6a2196023efd7bc09ae52520123a_JaffaCakes118
Size

148KB
MD5

b89b6a2196023efd7bc09ae52520123a
SHA1

5e26eae402cb76d42648490bd02256f4403c4e85
SHA256

1b209437912b67d771f4db83b229559a35ee791a72e8fd4fbf914106a9745ec1
SHA512

0e99c436add37547c11e544ae83d24a091109bda8c98d606bf39e4ab4bc69fe04f68b559a6a4a49cb299d2c9ad860bdd17ebe0c7efeb4b88fe73943c00b8c5bf
SSDEEP

3072:M9jKqLt624wYGMdriQ95W04hSmn6pSm76ptp22qT:JUmwYGuia5W/hlx/h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b89b6a2196023efd7bc09ae52520123a_JaffaCakes118

Files

b89b6a2196023efd7bc09ae52520123a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

614d0e11c4d20ba0bd66558d7ccf95c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
CreateMutexW
CreateFileMappingA
MapViewOfFile
GetModuleHandleA
EnterCriticalSection
WriteFile
GetTickCount
GetVolumeInformationA
Sleep
ReadProcessMemory
InterlockedIncrement
OpenFileMappingA
CopyFileA
LeaveCriticalSection
GlobalAlloc
GetProcessHeap
GetCurrentProcess
CreateFileA
LoadLibraryA
HeapAlloc
WaitForSingleObject
GetModuleFileNameA
GlobalFree
OpenEventA
InterlockedDecrement
CreateDirectoryA
InterlockedCompareExchange
GetProcAddress
GetCommandLineA
HeapFree
CreateProcessA
UnmapViewOfFile
GetLastError
TerminateProcess
WriteProcessMemory
GetComputerNameA
LocalFree
CreateEventA
CloseHandle
SetLastError

ole32

CoSetProxyBlanket
CoUninitialize
CoTaskMemAlloc
CoCreateGuid
OleCreate
OleSetContainedObject
CoCreateInstance
CoInitialize

user32

GetClassNameA
ScreenToClient
CreateWindowExA
KillTimer
SetWindowLongA
RegisterWindowMessageA
PeekMessageA
SetTimer
ClientToScreen
FindWindowA
DispatchMessageA
SetWindowsHookExA
SendMessageA
GetParent
GetMessageA
GetWindowThreadProcessId
DefWindowProcA
GetCursorPos
TranslateMessage
GetSystemMetrics
GetWindowLongA
GetWindow
UnhookWindowsHookEx
DestroyWindow
PostQuitMessage

oleaut32

SysStringLen
SysAllocString
SysFreeString
SysAllocStringLen

shlwapi

UrlUnescapeW
StrStrIW

advapi32

DuplicateTokenEx
RegCloseKey
GetUserNameA
SetTokenInformation
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegDeleteKeyA

shell32

SHGetFolderPathA

Exports

Exports

BluetoothPadSched

Sections

.text
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

614d0e11c4d20ba0bd66558d7ccf95c6

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 118KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 992B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 118KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 992B

.reloc
Size: 8KB - Virtual size: 6KB