cf486f92bc488bd94e2175b06283bf60_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf486f92bc488bd94e2175b06283bf60_JaffaCakes118
Size

144KB
MD5

cf486f92bc488bd94e2175b06283bf60
SHA1

4c5e4de35dceeed6e6caac7c1b2ba8af4ba129e5
SHA256

41187cbec9c728f4507e2d99a55ffa5a404f23009679c8c01a3031968c6519a9
SHA512

e4a1fe7c2b985df71067d36ed3607cf56fbe55b369a77949f898233b0bfdbf5bae4556a676db2dca1640609fa72cbc076ab4d18408ab2f887fe195d0fd6b61bb
SSDEEP

3072:voycmO6B6eQTyhvmowW5/ouev+1zSpsIODqegB4cUNx65xRSTgEoicF:voyK6YeQmhnwe/oV+xSCIOFgYwagbic

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf486f92bc488bd94e2175b06283bf60_JaffaCakes118

Files

cf486f92bc488bd94e2175b06283bf60_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6ead3181c03860b94e25f14e6aa3b824

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryA
CreateProcessA
SetLastError
CreateMutexW
GetComputerNameA
ReadProcessMemory
CopyFileA
HeapFree
LoadLibraryA
GetVolumeInformationA
GetCurrentProcess
CreateFileMappingA
GetProcAddress
WriteFile
ExitProcess
GetProcessHeap
OpenEventA
WriteProcessMemory
GetTickCount
EnterCriticalSection
InterlockedIncrement
HeapAlloc
InterlockedDecrement
CreateFileA
GlobalAlloc
InterlockedCompareExchange
WaitForSingleObject
GlobalFree
LocalFree
LeaveCriticalSection
MapViewOfFile
GetModuleFileNameA
UnmapViewOfFile
GetModuleHandleA
CreateEventA
CloseHandle
GetCommandLineA
Sleep
GetLastError
TerminateProcess
OpenFileMappingA

ole32

CoInitialize
CoSetProxyBlanket
CoUninitialize
CoCreateGuid
OleSetContainedObject
OleCreate
CoCreateInstance
CoTaskMemAlloc

user32

GetSystemMetrics
GetWindowLongA
SetTimer
TranslateMessage
GetCursorPos
GetWindow
GetWindowThreadProcessId
KillTimer
SetWindowsHookExA
GetClassNameA
DispatchMessageA
GetMessageA
DestroyWindow
ScreenToClient
CreateWindowExA
RegisterWindowMessageA
DefWindowProcA
GetParent
UnhookWindowsHookEx
PostQuitMessage
ClientToScreen
PeekMessageA
FindWindowA
SetWindowLongA
SendMessageA

oleaut32

SysAllocString
SysStringLen
SysFreeString
SysAllocStringLen

shlwapi

StrStrIW
UrlUnescapeW

advapi32

DuplicateTokenEx
OpenProcessToken
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
RegSetValueExA
RegDeleteValueA
SetTokenInformation

shell32

SHGetFolderPathA

Exports

Exports

WdWebmm

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ead3181c03860b94e25f14e6aa3b824

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB