feb3df9af68817c9ac3948f2d9274c0a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

feb3df9af68817c9ac3948f2d9274c0a_JaffaCakes118
Size

148KB
MD5

feb3df9af68817c9ac3948f2d9274c0a
SHA1

726f2ca76f9920dd0c46ac09b74fbc36a5dd1b76
SHA256

c1dc500ca291403569f7b5dcea98d84ae836a66f5afea2b861c92be03d9b315c
SHA512

55f0a236f4f88c29b2794157b6071a6da571a9756eea813519d2f772bde0e48ff06fb10e5db31867b0704c010f8a043bc1c5a41a6920036a92d82e60dd03e5ae
SSDEEP

3072:P8Nw6Rl4aYOPC/1asB4YV0+PJApDMYxyP:PUXYOPQ1B6YV9JApDvxS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
feb3df9af68817c9ac3948f2d9274c0a_JaffaCakes118

Files

feb3df9af68817c9ac3948f2d9274c0a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

87d22e0de032687aecd8c86ecf0b3195

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
GetProcessHeap
HeapAlloc
WaitForSingleObject
GetModuleFileNameA
HeapFree
GetLastError
LocalFree
LeaveCriticalSection
LoadLibraryA
CreateMutexW
GetCommandLineA
InterlockedIncrement
CreateEventA
GetModuleHandleA
SetLastError
GetTickCount
InterlockedCompareExchange
ExitProcess
WriteFile
GetComputerNameA
OpenEventA
ReadProcessMemory
GetProcAddress
WriteProcessMemory
GlobalFree
Sleep
CreateProcessA
EnterCriticalSection
CreateFileMappingA
GetCurrentProcess
UnmapViewOfFile
CreateDirectoryA
TerminateProcess
GlobalAlloc
OpenFileMappingA
GetVolumeInformationA
CopyFileA
InterlockedDecrement
MapViewOfFile

ole32

CoInitialize
OleSetContainedObject
CoTaskMemAlloc
OleCreate
CoUninitialize
CoCreateInstance
CoCreateGuid
CoSetProxyBlanket

user32

PostQuitMessage
GetSystemMetrics
KillTimer
GetMessageA
GetParent
FindWindowA
ClientToScreen
DispatchMessageA
SetTimer
GetCursorPos
SendMessageA
GetWindowLongA
TranslateMessage
RegisterWindowMessageA
UnhookWindowsHookEx
DefWindowProcA
GetWindow
PeekMessageA
SetWindowLongA
DestroyWindow
GetWindowThreadProcessId
SetWindowsHookExA
GetClassNameA
ScreenToClient
CreateWindowExA

oleaut32

SysFreeString
SysAllocString
SysStringLen
SysAllocStringLen

shlwapi

StrStrIW
UrlUnescapeW

advapi32

SetTokenInformation
RegDeleteKeyA
DuplicateTokenEx
GetUserNameA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA

shell32

SHGetFolderPathA

Exports

Exports

NativeMapLite

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87d22e0de032687aecd8c86ecf0b3195

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 980B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 980B

.reloc
Size: 8KB - Virtual size: 6KB