Static task: static1
Behavioral task: behavioral1
  Sample: f0514d62e1c1e344d43124303e6a54ea_JaffaCakes118.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: f0514d62e1c1e344d43124303e6a54ea_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
  Target: f0514d62e1c1e344d43124303e6a54ea_JaffaCakes118
  Size: 62KB
  MD5: f0514d62e1c1e344d43124303e6a54ea
  SHA1: 3eb335dc80afebc9c2191c5d69012db0aa1ce8e4
  SHA256: 71251824a308948740ddf5d76b5acb3ef4b74aece8bf25ff88c6fc50eb0b315d
  SHA512: 5cfa5c5cf0f7cb1e409db71f399c86e6f3b13739716b1f2bc0dd30380164abc48d08bffd778375dc1aec93ca26da2855fd970c7e85925beb651779c28ca03f0b
  SSDEEP: 1536:aufEyfjXa6nnJ1CfzzJjVcUNmiCnZXIHRfOLShKQ2hHWyiQT96iVT/Zw9hXeF/jg:gyfjXa6nnJ1CfzzJjVcUNmiCnZXIHRf7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f0514d62e1c1e344d43124303e6a54ea_JaffaCakes118
Files
f0514d62e1c1e344d43124303e6a54ea_JaffaCakes118.dll windows:4 windows x86 arch:x86
49b2b1f26df7a59a3322efd155e65fb8
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_DLL
Imports
kernel32
  lstrcpyA
  OpenProcess
  GetProcAddress
  GetModuleHandleA
  GetVersionExA
  DeleteFileA
  Process32Next
  Process32First
  CreateToolhelp32Snapshot
  lstrcatA
  ExitThread
  TerminateThread
  WaitForMultipleObjects
  CreateMailslotA
  GetModuleFileNameA
  IsBadReadPtr
  ReadFile
  lstrlenA
  SetEvent
  Sleep
  GetSystemDirectoryA
  CreateDirectoryA
  GetTickCount
  SetFilePointer
  GetTempFileNameA
  GetFileAttributesA
  FindFirstFileA
  ResetEvent
  HeapAlloc
  GetProcessHeap
  HeapFree
  HeapReAlloc
  LoadLibraryA
  ReleaseMutex
  GetModuleHandleW
  CreateEventA
  CreateMutexW
  MultiByteToWideChar
  CreateThread
  FindClose
  FindNextFileA
  lstrcmpA
  CompareStringA
  GetWindowsDirectoryA
  PulseEvent
  GetLastError
  GetCurrentDirectoryA
  CreateFileA
  WriteFile
  CloseHandle
  SetEndOfFile
  WaitForSingleObject
user32
  wsprintfA
  ShowWindow
gdi32
  GetStockObject
advapi32
  RegOpenKeyExA
  CryptDestroyHash
  CryptDestroyKey
  CryptReleaseContext
  RegNotifyChangeKeyValue
  RegCreateKeyExA
  RegSetValueExA
  CreateProcessAsUserA
  InitializeSecurityDescriptor
  CryptDeriveKey
  CryptHashData
  RegOpenCurrentUser
  RegQueryValueExA
  RegCloseKey
  RevertToSelf
  CryptCreateHash
  CryptAcquireContextA
  CryptDecrypt
  CryptEncrypt
iphlpapi
  GetAdaptersInfo
shell32
  SHGetFolderPathA
Sections
.text Size: 48KB - Virtual size: 48KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 7KB - Virtual size: 7KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ