060c17ff43b069647d499e53753f3414_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

060c17ff43b069647d499e53753f3414_JaffaCakes118
Size

67KB
MD5

060c17ff43b069647d499e53753f3414
SHA1

b42022f2a1911faab582f0e421f598f356861e63
SHA256

19af4301a91f87c894947e77b28e14b53cace6ee8a64cb50b82441da4e934a43
SHA512

9ee8a3ac5c510a3f17274a74deb5fbd2cd6c0810e6e75bd46bfef73585a8d583e2b3382051e33c4b8343c1c8986733c55657b3425ed93935627bf9eabb3bda11
SSDEEP

768:+0ByPKr2V4l7ET6N4xfGDYO1PRGyHTXGLxchHU9PwGnG051f7a7Tn4G5Vlf57bIi:+DS3N4mPzjGyh09PwGn951AZlf5p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
060c17ff43b069647d499e53753f3414_JaffaCakes118

Files

060c17ff43b069647d499e53753f3414_JaffaCakes118
.dll windows:4 windows x86 arch:x86

72e2cda67156dabd288e27f2b8d01a49

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CreateProcessAsUserA

kernel32

SetFileAttributesA
DisableThreadLibraryCalls
GetModuleFileNameA
WideCharToMultiByte
CloseHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
SetEndOfFile
GetCurrentProcessId
GetTickCount
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
GetTimeZoneInformation
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
WriteFile
SetUnhandledExceptionFilter
DeleteCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
HeapReAlloc
IsBadWritePtr
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedExchange
GetLocaleInfoA
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
InitializeCriticalSection
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
QueryPerformanceCounter

user32

SetWindowsHookExA
CallNextHookEx
GetForegroundWindow
GetWindowTextA
UnhookWindowsHookEx
GetAsyncKeyState
GetKeyState

Exports

Exports

FlushBuffer
Lock
Logoff
Logon
SaveE
SetLOpt
Shutdown
StartL
StartScreenSaver
Startup
StopL
StopScreenSaver
Unlock

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72e2cda67156dabd288e27f2b8d01a49

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 46KB - Virtual size: 46KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 3KB - Virtual size: 9KB

Shared Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 46KB - Virtual size: 46KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 3KB - Virtual size: 9KB

Shared
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB