bb9aaf36f87c183698f7ddaec127f07e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bb9aaf36f87c183698f7ddaec127f07e_JaffaCakes118
Size

80KB
MD5

bb9aaf36f87c183698f7ddaec127f07e
SHA1

93e9f5a10c4a32ede7ffee49b0a96eed46f312af
SHA256

5b4aa0bbadd582c83093d9b9862d2be095a21765280b52c1093ef71ce82a1f75
SHA512

e8b6dee198caa030097ec66f6f1a2ef9171f2670b0e783fcba8c594781a37e56d98b0f051017b504c9d688c7cc4898cabb7990c8cdba062d3c6d9ce1bc150bec
SSDEEP

1536:uWAGFS3r6+wNsdHAOHgGMtYWSVd/9ljjOBRnBL:3AGwFwNGAd2WSVd/vjCvL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb9aaf36f87c183698f7ddaec127f07e_JaffaCakes118

Files

bb9aaf36f87c183698f7ddaec127f07e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

59f97c47ed9bdbc1aa5f2c0135d1548c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

BeginUpdateResourceA
GetVersion
VirtualAlloc
OpenFileMappingA
SearchPathW
GetSystemTime
GlobalFree
AssignProcessToJobObject
FreeEnvironmentStringsW
IsBadStringPtrW
AddAtomA
FindVolumeClose
CreateNamedPipeA
GetCommState
DuplicateHandle
FreeResource
AllocConsole
PurgeComm
GetLocaleInfoW
GlobalAddAtomA
IsWow64Process
LocalAlloc
OpenJobObjectW
GetProfileIntW
GlobalGetAtomNameW
FreeLibraryAndExitThread
TerminateProcess
GetUserDefaultLangID
MapViewOfFileEx
RegisterWaitForSingleObjectEx
SystemTimeToTzSpecificLocalTime
ActivateActCtx
CreateActCtxW
GetFileAttributesW
ExpandEnvironmentStringsW
GetCalendarInfoW
DeleteTimerQueueEx
WriteConsoleA
OpenMutexW
SetCommBreak
FindResourceW
CreateRemoteThread
GetSystemDefaultUILanguage
LCMapStringW
UnregisterWait
GetCommandLineA
InterlockedDecrement
GetProcessHeap
GetCurrentProcessId
InterlockedIncrement
ReleaseMutex
GetProcAddress
HeapFree
CopyFileA
LoadLibraryA
GetModuleFileNameA
VirtualProtect
GetVolumeInformationA
SetLastError
GetLastError
FindNextFileW
CreateProcessA

shlwapi

AssocCreate
StrRChrW
StrFormatKBSizeW
PathUnquoteSpacesW
StrCpyNW
UrlGetPartW
PathGetArgsW
PathStripPathW
StrRetToStrW
StrCmpNIW
StrChrIW
PathIsDirectoryW
PathIsPrefixW
StrStrIW
UrlUnescapeW
PathUndecorateW

shell32

SHSetLocalizedName
SHGetFolderPathW
ExtractIconExW
SHGetMalloc
SHPathPrepareForWriteW
SHGetFolderPathA

gdi32

CloseFigure
CreateDCA
TranslateCharsetInfo
GetKerningPairsA
GetMetaFileA
CreateHalftonePalette
SetBkMode
SetWindowExtEx
GetTextCharacterExtra
PolyPolyline
AddFontResourceA
GetObjectW
PolyBezierTo
PathToRegion
EnumFontsA
PolyBezier
ExtTextOutW
CreateBrushIndirect
GetCharABCWidthsW
SetTextAlign
DescribePixelFormat
GetObjectA
GetViewportOrgEx
FlattenPath
CombineRgn
SetMagicColors
InvertRgn
SetPolyFillMode
Chord
TextOutW

Exports

Exports

DesktopGLSnap

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59f97c47ed9bdbc1aa5f2c0135d1548c

Headers

File Characteristics

Imports

kernel32

shlwapi

shell32

gdi32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 2KB