f67625605b60a6b633a58c34ec214969_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f67625605b60a6b633a58c34ec214969_JaffaCakes118
Size

200KB
MD5

f67625605b60a6b633a58c34ec214969
SHA1

416f9de14eadf51583e5aac0e9c07dfe923e293d
SHA256

6687db2bc5c029881221bfe00254e211e6c213448f49adc6e6960abcf7fd8c5a
SHA512

77d587c93b842239a07c04c9ae1059fe73774aaff350308f1fd0d417b0a65799eb753a5b492b35c8590adc9282be922dc6cf457afa380e035f014499ceca67e2
SSDEEP

3072:VjwfAl71ohvLyp0cktECiHr+A+sF8QiVAAvnONUlJeN2DNxOve:VLmhDyKcbSAcQi3PONEBDNx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f67625605b60a6b633a58c34ec214969_JaffaCakes118

Files

f67625605b60a6b633a58c34ec214969_JaffaCakes118
.dll windows:4 windows x86 arch:x86

930c1780f84854c1a491389a9d462316

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
LocalFree
GetCurrentProcessId
GetCurrentThreadId
CloseHandle
lstrcmpiW
lstrcpynW
lstrlenW
lstrlenA
LoadResource
FindResourceW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LoadLibraryW
CreateProcessW
InterlockedIncrement
TerminateProcess
CreateMutexW
GetDriveTypeW
GlobalLock
LockResource
CompareStringW
DnsHostnameToComputerNameW
OpenMutexW
FormatMessageW
SetComputerNameExW
OutputDebugStringW
GetVersion
GetFileAttributesW
GetModuleHandleA
WideCharToMultiByte
HeapCreate
DuplicateHandle
lstrcpyW
InterlockedExchange
GlobalFree
GlobalAlloc
FreeResource
OpenFile
_lclose
_lread
InterlockedCompareExchange
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
LoadLibraryA
HeapReAlloc
GetSystemInfo
VirtualAlloc
GetCPInfo
GetOEMCP
GetACP
HeapAlloc
GetEnvironmentStringsW
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapFree
VirtualFree
HeapDestroy
GetModuleFileNameA
GetCurrentProcess
GetSystemDirectoryW
ProcessIdToSessionId
GetVersionExW
OpenProcess
CreateDirectoryW
LoadLibraryExW
FreeLibrary
GetTempPathW
GetProcAddress
DisconnectNamedPipe
DeleteFileW
RemoveDirectoryW
Sleep
GetTempFileNameW
WaitForMultipleObjects
CreateThread
CreateNamedPipeW
WaitForSingleObject
ConnectNamedPipe
SetEvent
CreateEventW
ResetEvent
VirtualProtect
DisableThreadLibraryCalls
GetCommandLineA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
VirtualQuery
GetVersionExA
RtlUnwind

user32

CloseWindowStation
GetUserObjectInformationW
OpenWindowStationW
EndDialog
LoadStringW
IsDlgButtonChecked
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
SetWindowLongW
CheckDlgButton
EnableWindow
GetDesktopWindow
GetDlgItem
GetWindowLongW
SetDlgItemTextW
RegisterClipboardFormatW
LoadCursorW
WaitForInputIdle
CharNextW
PeekMessageW
DispatchMessageW
TranslateMessage
InsertMenuItemW
SetCursor

advapi32

RegisterEventSourceW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
SetSecurityDescriptorDacl
DuplicateToken
GetLengthSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeAcl
AccessCheck
RevertToSelf
CreateProcessAsUserW
FreeSid
SetNamedSecurityInfoW
AllocateAndInitializeSid
GetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetServiceStatus
AddAccessAllowedAce
ReportEventA

ole32

CoTaskMemRealloc
CoTaskMemFree

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

930c1780f84854c1a491389a9d462316

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

Sections

.text Size: 136KB - Virtual size: 132KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 40KB - Virtual size: 71KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 136KB - Virtual size: 132KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 40KB - Virtual size: 71KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB