cf370d709bcf5096fd6b6ad13881ac4f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf370d709bcf5096fd6b6ad13881ac4f_JaffaCakes118
Size

121KB
MD5

cf370d709bcf5096fd6b6ad13881ac4f
SHA1

45852163356879b1cdf854d78d674c0d73083065
SHA256

37719c724f39b098d66db67bb1e6a77c2fad1d79b2b8f6bb2f1d3d6b8fb020fd
SHA512

bdd3d6b644e1d0d37ba4c7442a6482acc87566531e40cf5b854592031e4b70b721741c3ac08ec96f47bbc618c9a8b4f78c0ce439eece7aa829980817c185c0c2
SSDEEP

1536:AT9XizEy7w3Z0a3sZuxjgfLe+EMhjXFL9XptsexNk8Ghsw6jJnnt/EwnjODHtw:AJXizX7wp0DCkh9R/7IcLEBi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf370d709bcf5096fd6b6ad13881ac4f_JaffaCakes118

Files

cf370d709bcf5096fd6b6ad13881ac4f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

84a7da05e76ef2799a30885a8725d406

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

_lopen
ExitProcess
lstrcpyA
ReadFile
SetFilePointer
GetFileSize
CreateFileA
lstrcatA
SetFileApisToANSI
lstrcpynA
IsBadWritePtr
WideCharToMultiByte
lstrlenW
WriteFile
lstrcmpiA
GetTempFileNameA
GlobalReAlloc
OpenMutexA
GetComputerNameA
SetFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetFileTime
MultiByteToWideChar
_lclose
lstrcmpA
GetProcAddress
HeapFree
HeapAlloc
GetProcessHeap
IsBadStringPtrA
VirtualProtect
VirtualFreeEx
VirtualAllocEx
WaitForSingleObject
ReleaseMutex
GetTickCount
GetVersionExA
lstrlenA
Sleep
GetCurrentProcessId
CreateMutexA
GetLastError
GetModuleFileNameA
LoadLibraryA
GetModuleHandleA
DeleteFileA
CreateThread
GlobalFindAtomA
GlobalAddAtomA
GetTempPathA
GetSystemTime
GetSystemDirectoryA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
VirtualAlloc
FreeLibrary
VirtualFree
OpenEventA
SetEvent
CloseHandle
IsBadReadPtr
GlobalAlloc
GetPrivateProfileStructA
GlobalFree
GetPrivateProfileStringA
GlobalSize
GetPrivateProfileIntA

user32

SystemParametersInfoA
GetDesktopWindow
GetCursorPos
GetDC
ReleaseDC
CharLowerBuffA
GetKeyNameTextA
GetKeyboardState
ToAscii
GetActiveWindow
GetWindowTextA
FindWindowExA
wsprintfA

gdi32

CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
DeleteObject
GetObjectA
GetDIBits
CreateCompatibleDC

msvcrt

memcpy
memset
strtoul
strlen
_EH_prolog
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
fclose
fprintf
fopen
memmove
fwrite
free
malloc
calloc
memcmp
memchr
putc
getc
__dllonexit
_onexit
_except_handler3
strstr

msvcp60

?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84a7da05e76ef2799a30885a8725d406

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

msvcp60

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 56KB

.CRT Size: 512B - Virtual size: 20B

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 56KB

.CRT
Size: 512B - Virtual size: 20B

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 7KB - Virtual size: 7KB