CRLnetInterval
Static task: static1
Behavioral task: behavioral1
Sample: fa4c15673b32723cbb710c6be6d37fce_JaffaCakes118.dll
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: fa4c15673b32723cbb710c6be6d37fce_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: fa4c15673b32723cbb710c6be6d37fce_JaffaCakes118
Size: 152KB
MD5: fa4c15673b32723cbb710c6be6d37fce
SHA1: c264df4397e41a801259bc9889c3f428115433c6
SHA256: 407c0f4924a1c94588180bcb1b8e21d4b5b24736e40948373d7ef3e74afdf8f8
SHA512: 8881f505326995b429dfe27edbb628fb08c9bb4bbccc39bd2cef88f675f0c549c010eef72dd1ccecd648e5cd28a5082dae63d6f1e507a12e0157f5a4613cc004
SSDEEP: 3072:kEPoO4ThkCCmHp+UFNd9+pYpJ4A1SZAU46xA+Rqw2uh:jGdrCmHpD+po4bZAdwjh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fa4c15673b32723cbb710c6be6d37fce_JaffaCakes118
Files
fa4c15673b32723cbb710c6be6d37fce_JaffaCakes118.dll windows:4 windows x86 arch:x86
f78bbe64a02fb91efa516de0c9f78e06
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WriteFile
GetCurrentProcess
MapViewOfFile
InterlockedDecrement
GetComputerNameA
LeaveCriticalSection
GetProcAddress
HeapFree
GetModuleFileNameA
WriteProcessMemory
GetModuleHandleA
InterlockedIncrement
EnterCriticalSection
CloseHandle
UnmapViewOfFile
GetProcessHeap
CreateProcessA
HeapAlloc
SetLastError
OpenFileMappingA
CreateEventA
ExitProcess
InterlockedCompareExchange
CreateDirectoryA
OpenEventA
Sleep
CreateFileMappingA
LoadLibraryA
LocalFree
GetCommandLineA
GlobalAlloc
GetLastError
GlobalFree
GetTickCount
CreateMutexW
WaitForSingleObject
ReadProcessMemory
TerminateProcess
GetVolumeInformationA
CopyFileA
CreateFileA
ole32
CoInitialize
CoTaskMemAlloc
CoCreateGuid
OleCreate
CoCreateInstance
OleSetContainedObject
CoSetProxyBlanket
CoUninitialize
user32
GetWindowThreadProcessId
SetTimer
GetWindowLongA
PostQuitMessage
TranslateMessage
SetWindowLongA
GetMessageA
GetParent
RegisterWindowMessageA
CreateWindowExA
DefWindowProcA
GetClassNameA
KillTimer
PeekMessageA
UnhookWindowsHookEx
SendMessageA
DispatchMessageA
DestroyWindow
GetSystemMetrics
GetWindow
GetCursorPos
ClientToScreen
ScreenToClient
SetWindowsHookExA
FindWindowA
oleaut32
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen
shlwapi
StrStrIW
UrlUnescapeW
advapi32
GetUserNameA
RegDeleteValueA
SetTokenInformation
RegQueryValueExA
OpenProcessToken
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
DuplicateTokenEx
shell32
SHGetFolderPathA
Exports
Sections
.text Size: 124KB - Virtual size: 122KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ