c2a1b7baf61b1a33516284cd630c9131_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c2a1b7baf61b1a33516284cd630c9131_JaffaCakes118
Size

152KB
MD5

c2a1b7baf61b1a33516284cd630c9131
SHA1

e4c21daaf55f144739ef272e0368d8de7f482146
SHA256

da47cbc1448458498cc4065b6f3210f609eaba4e0ae3d4e38942cfaeccb24b7c
SHA512

bc0c12b3bc228a802d3f54f56fa467b6c42dd0725f54ca5c6e10dae5aab2c10d275ff35b9d9f89b5ba7fd96b14ca4b86c2a1c6fff004a577c2ae4db0d0258ed7
SSDEEP

3072:yH11RAevFPvwxs5PJ27WzS7/zZzGIPChwJBZlxuzt8DbsKZk:yPRAevFPvwag7R7xG6CCzZezt8b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2a1b7baf61b1a33516284cd630c9131_JaffaCakes118

Files

c2a1b7baf61b1a33516284cd630c9131_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ccdd75c7dd2d815a595b3e5e743389ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
TerminateProcess
SetLastError
ReadProcessMemory
OpenEventA
MapViewOfFile
InterlockedIncrement
LocalFree
CopyFileA
CreateMutexW
CreateFileA
GetModuleFileNameA
InterlockedCompareExchange
LeaveCriticalSection
CreateProcessA
LoadLibraryA
GlobalFree
OpenFileMappingA
GetTickCount
GetModuleHandleA
UnmapViewOfFile
InterlockedDecrement
GetCommandLineA
CloseHandle
ExitProcess
GetCurrentProcess
CreateDirectoryA
CreateEventA
GetLastError
GetProcAddress
CreateFileMappingA
EnterCriticalSection
GetComputerNameA
WaitForSingleObject
HeapFree
GlobalAlloc
GetVolumeInformationA
WriteFile
HeapAlloc
Sleep
GetProcessHeap

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc
CoSetProxyBlanket
OleSetContainedObject
CoCreateInstance
OleCreate
CoCreateGuid

user32

PeekMessageA
TranslateMessage
RegisterWindowMessageA
ClientToScreen
CreateWindowExA
GetWindowThreadProcessId
UnhookWindowsHookEx
SetTimer
GetClassNameA
ScreenToClient
SendMessageA
SetWindowsHookExA
GetWindowLongA
KillTimer
GetParent
PostQuitMessage
DispatchMessageA
GetSystemMetrics
FindWindowA
GetWindow
GetCursorPos
DefWindowProcA
DestroyWindow
GetMessageA
SetWindowLongA

oleaut32

SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

DuplicateTokenEx
SetTokenInformation
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
OpenProcessToken
RegCreateKeyExA
GetUserNameA
RegQueryValueExA

shell32

SHGetFolderPathA

Exports

Exports

HandlercfgInit

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccdd75c7dd2d815a595b3e5e743389ff

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 992B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 992B

.reloc
Size: 8KB - Virtual size: 6KB