108afcd48e5f643dd695e84e3070dec8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

108afcd48e5f643dd695e84e3070dec8_JaffaCakes118
Size

132KB
MD5

108afcd48e5f643dd695e84e3070dec8
SHA1

a62c8404256d68fcfe0e29227972ee107fcffa65
SHA256

02b0a23945d65e17c10ad4e64159318df51f17c28bcb996401defc228300bcfc
SHA512

e85dc134fa2dcac0a49d296c7007029202e15989c75f40ad27fcffdb85ebdf1e372cea9152c4c9cb37172d758bdbe3009b6910ebfef673ba964b831318486e5b
SSDEEP

3072:wR0w8W0bQpJioHD0PGE35JTjdfWk6WJmui3gkWpQ:wKwiQJw/ukU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
108afcd48e5f643dd695e84e3070dec8_JaffaCakes118

Files

108afcd48e5f643dd695e84e3070dec8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

17e65ca057dbb287574e12877678c885

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
LoadLibraryW
lstrcatW
DeleteFileW
GetFileAttributesW
FreeLibrary
GetModuleFileNameW
GlobalAlloc
Sleep
WideCharToMultiByte
GetProcAddress
SetLastError
HeapAlloc
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
GlobalDeleteAtom
GlobalGetAtomNameW
GlobalFree
MultiByteToWideChar
FormatMessageW
LocalFree
InterlockedDecrement
InterlockedIncrement
GetVersion
IsBadWritePtr
GetFileAttributesExW
GetLastError
VirtualAlloc
HeapReAlloc
GetEnvironmentVariableA
GetVersionExA
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
VirtualFree
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsFree
LoadLibraryA
GetOEMCP
GetACP
HeapFree
GetCommandLineA
GetModuleHandleA
WriteFile
TlsAlloc
HeapDestroy
HeapCreate
GetCurrentThreadId
LeaveCriticalSection
TlsSetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess

user32

GetForegroundWindow
wsprintfW
MessageBoxW
GetActiveWindow
SetWindowLongW
EnableWindow
GetParent
GetDlgItem
GetWindowLongW
SendDlgItemMessageW
GetWindowTextW
FindWindowA
SendMessageW

winspool.drv

GetJobW
OpenPrinterW
SetPrinterDataW
ClosePrinter
GetPrinterDataW
GetPrinterW

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyA
RegSetValueExW
RegOpenKeyExW
RegOpenKeyW
RegDeleteValueW
RegCreateKeyW
RegEnumKeyW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17e65ca057dbb287574e12877678c885

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

version

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 72KB - Virtual size: 69KB

.rsrc Size: 12KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 72KB - Virtual size: 69KB

.rsrc
Size: 12KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 3KB