01605e831501a0b150837f0df72b6875_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01605e831501a0b150837f0df72b6875_JaffaCakes118
Size

137KB
MD5

01605e831501a0b150837f0df72b6875
SHA1

08a061d8c04d3d619602605ff230adbcb20d635b
SHA256

d3c33fa7b43e1407a1e0ea0c374ac5caf8ff979d083bbc0b5c0e7daed90ace33
SHA512

4958a249b37901e9b5c1a10607f306ed25f37827fb397033edf5bb5a42685b43d5c0a0e1034cddc9e16c8a28f95641f9bd374f546484a11f88284ec088cf0ae6
SSDEEP

3072:vFga5viyALxyMtC1GMiu6sTXyhDzfaEr/h89LGjT:vFga8GZ1uuSBza0h8h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01605e831501a0b150837f0df72b6875_JaffaCakes118

Files

01605e831501a0b150837f0df72b6875_JaffaCakes118
.dll windows:5 windows x86 arch:x86

53241642cff8d14f0f1537fe0b942440

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

memcpy

shlwapi

StrDupA
StrCmpNA
StrDupW
IsCharSpaceA
SHRegEnumUSKeyA

shell32

SHCreateDirectoryExA
SHGetSpecialFolderPathW

kernel32

PulseEvent
GlobalMemoryStatus
SearchPathW
PeekNamedPipe
SetEndOfFile
SetEvent
GetCurrentThread
FindResourceExA
GetTempPathA
GetNamedPipeInfo
GetBinaryTypeA
SetThreadPriority
ReleaseSemaphore
FindClose
_hwrite
FindAtomA
GetThreadPriority
WaitCommEvent
SetFileShortNameA
GetVersion
lstrcpyA
lstrcatW
lstrcmpiW
GetSystemInfo
lstrcmpiA
GetSystemTimeAdjustment
GetModuleHandleW
FindResourceA
FileTimeToLocalFileTime
_lopen
GetLocalTime
FormatMessageA
CompareFileTime
SetLocalTime
CopyFileW

user32

SetWindowPos
LookupIconIdFromDirectoryEx
CharUpperBuffA
IsCharAlphaNumericW
CharUpperA
PrivateExtractIconsA
MapDialogRect
SetActiveWindow
SetWindowPlacement
EndPaint
EnumPropsW
RemovePropW
PostMessageW
DeleteMenu
InvalidateRgn
SendMessageA
GetMenuItemInfoW
BeginPaint
GetDC
TranslateMessage
LockWindowUpdate
GetCursorInfo
SetPropA
SetScrollPos
ReleaseDC
TranslateAcceleratorA
LoadAcceleratorsA
DispatchMessageA
SetWindowTextW
GetPropW
LoadCursorFromFileA
PeekMessageA
GetWindowRgn

gdi32

SetSystemPaletteUse
OffsetClipRgn
PtVisible
LineDDA
CreateDCA
SetBkColor
GetSystemPaletteEntries
GetTextExtentPointA
CreateScalableFontResourceA
SetBoundsRect
CreateBitmapIndirect
DeleteDC
GetObjectType
DeleteObject
CreateDCW
ExcludeClipRect
GetCharWidthW
CreateCompatibleBitmap
InvertRgn
Polyline

advapi32

IsValidSid
EqualPrefixSid
EqualSid
PrivilegedServiceAuditAlarmA
ObjectCloseAuditAlarmW

Exports

Exports

_Copy_Region@12
_Create_Region@12
_Set_Region@12
_Update_Region@12

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vars
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IMPORT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53241642cff8d14f0f1537fe0b942440

Headers

File Characteristics

Imports

ntdll

shlwapi

shell32

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 8KB

.code Size: 4KB - Virtual size: 3KB

.data Size: - Virtual size: 160B

.vars Size: 1024B - Virtual size: 532B

IMPORT Size: 3KB - Virtual size: 2KB

.rsrc Size: 118KB - Virtual size: 117KB

.reloc Size: 1024B - Virtual size: 604B

.text
Size: 9KB - Virtual size: 8KB

.code
Size: 4KB - Virtual size: 3KB

.data
Size: - Virtual size: 160B

.vars
Size: 1024B - Virtual size: 532B

IMPORT
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 118KB - Virtual size: 117KB

.reloc
Size: 1024B - Virtual size: 604B