fb6ad49a6a3dea3473ae38c8ef81ea10_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb6ad49a6a3dea3473ae38c8ef81ea10_JaffaCakes118
Size

140KB
MD5

fb6ad49a6a3dea3473ae38c8ef81ea10
SHA1

8a639dd960b2d796a89eaa46b93aba27fb641a01
SHA256

3ca05154e9b6fc11613c1dd2c078250ffb0e52c00090a20d99cd617405adeec3
SHA512

dfeabe6309d8c2b0d7fae6a7dfd27eeab40728b1a21511c280399f0f0016c5ba146f612eb39b3f134dfcb965e069f1ad8b32234546dc2863b375dcd9a61bb3be
SSDEEP

3072:CD1RcHtFUsY7Q4e7TIyXnopDl0K3oLpZyhygV:C8HAM4kIyXeloL6yg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb6ad49a6a3dea3473ae38c8ef81ea10_JaffaCakes118

Files

fb6ad49a6a3dea3473ae38c8ef81ea10_JaffaCakes118
.dll windows:4 windows x86 arch:x86

01b2cc91108100aafdde6f3bf986b8f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetComputerNameA
UnmapViewOfFile
InterlockedDecrement
GetTickCount
WriteFile
GetModuleHandleA
CreateDirectoryA
Sleep
CreateProcessA
MapViewOfFile
CreateEventA
OpenEventA
GetProcessHeap
ReadProcessMemory
TerminateProcess
HeapFree
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
LocalFree
GetModuleFileNameA
CreateFileMappingA
SetLastError
GetVolumeInformationA
CreateFileA
GlobalFree
GetProcAddress
GetCommandLineA
InterlockedIncrement
WriteProcessMemory
GetLastError
OpenFileMappingA
ExitProcess
HeapAlloc
LoadLibraryA
CloseHandle
WaitForSingleObject
GetCurrentProcess
CopyFileA
CreateMutexW

ole32

OleCreate
CoSetProxyBlanket
CoCreateGuid
CoUninitialize
CoCreateInstance
OleSetContainedObject
CoInitialize
CoTaskMemAlloc

user32

TranslateMessage
KillTimer
GetParent
SetWindowsHookExA
ClientToScreen
GetMessageA
CreateWindowExA
FindWindowA
DestroyWindow
SendMessageA
GetClassNameA
RegisterWindowMessageA
DefWindowProcA
DispatchMessageA
GetWindow
GetWindowThreadProcessId
UnhookWindowsHookEx
ScreenToClient
GetSystemMetrics
SetTimer
PeekMessageA
PostQuitMessage
SetWindowLongA
GetCursorPos
GetWindowLongA

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegOpenKeyExA
RegCreateKeyExA
DuplicateTokenEx
RegCloseKey
RegSetValueExA
GetUserNameA
RegQueryValueExA
RegDeleteKeyA
SetTokenInformation
RegDeleteValueA
OpenProcessToken

shell32

SHGetFolderPathA

Exports

Exports

userCommsInit

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01b2cc91108100aafdde6f3bf986b8f7

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 6KB