0a7e8e22c69bd8c536d6a7e01b834b89_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0a7e8e22c69bd8c536d6a7e01b834b89_JaffaCakes118
Size

148KB
MD5

0a7e8e22c69bd8c536d6a7e01b834b89
SHA1

8ec96a6eb78845947ecff6151860cb5615f938fa
SHA256

328cd56146c6ec6ff3496cb7763e6052531ec028e834bdcb037bfd96158becd1
SHA512

0ab474ad88f03571798cd4a750b61ea4fec4f98a8b597ba2ccf01a467e1c874e0cb9828f0cf194e693e9945055c5fe8fd120d0740f30524527e50fcf91356324
SSDEEP

3072:aaCmOFur6hvnmB11vNNjaP6RVhzaQPrUqiR0xW4BQ6Y9O6n:zChnI1NNZVTzPYJR36Q/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a7e8e22c69bd8c536d6a7e01b834b89_JaffaCakes118

Files

0a7e8e22c69bd8c536d6a7e01b834b89_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c754a92d458f8d0dfef31d05b5dec13a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
GetModuleHandleA
GetProcessHeap
GetCurrentProcess
WriteFile
LocalFree
CloseHandle
EnterCriticalSection
HeapFree
Sleep
MapViewOfFile
SetLastError
GlobalAlloc
ExitProcess
WaitForSingleObject
GetComputerNameA
InterlockedCompareExchange
UnmapViewOfFile
CreateFileA
CreateFileMappingA
CopyFileA
GetLastError
LeaveCriticalSection
GlobalFree
InterlockedIncrement
WriteProcessMemory
CreateProcessA
GetProcAddress
InterlockedDecrement
TerminateProcess
HeapAlloc
CreateMutexW
GetVolumeInformationA
OpenEventA
OpenFileMappingA
GetCommandLineA
GetModuleFileNameA
ReadProcessMemory
GetTickCount
CreateDirectoryA
LoadLibraryA

ole32

CoInitialize
OleSetContainedObject
CoTaskMemAlloc
CoSetProxyBlanket
CoCreateInstance
CoCreateGuid
CoUninitialize
OleCreate

user32

KillTimer
GetMessageA
UnhookWindowsHookEx
ScreenToClient
DefWindowProcA
GetParent
SetTimer
GetWindowLongA
PostQuitMessage
GetClassNameA
RegisterWindowMessageA
SetWindowLongA
SetWindowsHookExA
DestroyWindow
GetWindow
PeekMessageA
CreateWindowExA
GetCursorPos
GetWindowThreadProcessId
GetSystemMetrics
SendMessageA
ClientToScreen
FindWindowA
TranslateMessage
DispatchMessageA

oleaut32

SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

RegQueryValueExA
RegDeleteValueA
OpenProcessToken
RegSetValueExA
SetTokenInformation
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
DuplicateTokenEx
GetUserNameA
RegOpenKeyExA

shell32

SHGetFolderPathA

Exports

Exports

DfrgHelpusb

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c754a92d458f8d0dfef31d05b5dec13a

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 940B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 940B

.reloc
Size: 8KB - Virtual size: 6KB