d1f125eda7850bd480d685afac630584_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d1f125eda7850bd480d685afac630584_JaffaCakes118
Size

152KB
MD5

d1f125eda7850bd480d685afac630584
SHA1

f90676a1f7e4fd0f3a45d6c0005adc63b490f6db
SHA256

eaeae7cd84dd35029699c0c742940d1241916d4852b9da5a9b7e197f94853b16
SHA512

7a49be939d923d1127319fdc7885a4aebed1e5ecc966c8052045c5f32b2d9991d8da35d64507610f87fe554d99bdb58e450fabdb32b07c8dbb65db7d20a18ec6
SSDEEP

3072:X9jqtF3eR0I10CA8NqjMnrq9+plh7Vp+cmaV68nsYPjs7JaP6Do+2:X9jqfOX10CtQYrCAVYcFZnLYJ/Da

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1f125eda7850bd480d685afac630584_JaffaCakes118

Files

d1f125eda7850bd480d685afac630584_JaffaCakes118
.dll windows:4 windows x86 arch:x86

80255e0a8f3a76ae77ca7af5b19f876a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVolumeInformationA
GetCommandLineA
HeapFree
CreateFileA
WriteFile
CloseHandle
SetLastError
Sleep
CreateProcessA
EnterCriticalSection
LocalFree
InterlockedDecrement
ReadProcessMemory
CreateMutexW
GetCurrentProcess
GetProcessHeap
OpenEventA
CreateDirectoryA
GetModuleHandleA
CreateEventA
InterlockedIncrement
MapViewOfFile
TerminateProcess
HeapAlloc
GetProcAddress
GlobalAlloc
InterlockedCompareExchange
GetComputerNameA
WriteProcessMemory
GetModuleFileNameA
WaitForSingleObject
CopyFileA
GlobalFree
LoadLibraryA
ExitProcess
UnmapViewOfFile
GetLastError
OpenFileMappingA
GetTickCount
CreateFileMappingA
LeaveCriticalSection

ole32

CoCreateGuid
OleCreate
CoInitialize
CoCreateInstance
CoSetProxyBlanket
OleSetContainedObject
CoTaskMemAlloc
CoUninitialize

user32

GetSystemMetrics
DefWindowProcA
ClientToScreen
GetWindowThreadProcessId
DestroyWindow
PeekMessageA
SetTimer
PostQuitMessage
UnhookWindowsHookEx
FindWindowA
GetParent
SetWindowLongA
KillTimer
DispatchMessageA
SetWindowsHookExA
GetCursorPos
GetWindowLongA
SendMessageA
RegisterWindowMessageA
ScreenToClient
GetWindow
CreateWindowExA
GetClassNameA
TranslateMessage
GetMessageA

oleaut32

SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegOpenKeyExA
GetUserNameA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
RegSetValueExA
RegDeleteKeyA

shell32

SHGetFolderPathA

Exports

Exports

i18PadARM

Sections

.text
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80255e0a8f3a76ae77ca7af5b19f876a

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 121KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 984B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 121KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 984B

.reloc
Size: 8KB - Virtual size: 6KB