127a3c1c31c2c05ce8505357894e634c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

127a3c1c31c2c05ce8505357894e634c_JaffaCakes118
Size

140KB
MD5

127a3c1c31c2c05ce8505357894e634c
SHA1

3848b201814ed529b63135618b81a5161e31a452
SHA256

781342a834f924b521e3336bb7cd6a6cef30a1d1fa244c07fe2d8330f59fb330
SHA512

33e500003cabf18910dceb50d357d84a725697134ed720dc210b9bebd4234599ffbbd39b1f1e27e4365fef63b49f8b896ed4a2d638d4611a0a40337577de8738
SSDEEP

3072:Niy7cQ3ffI4VrQyJJ6Wfa3OFWExO++TH1TMzg3vy:ky7ccrQynL/YXTBXv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
127a3c1c31c2c05ce8505357894e634c_JaffaCakes118

Files

127a3c1c31c2c05ce8505357894e634c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e544afe6e48faac48b548b64d59dbfd7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryA
LoadLibraryA
CreateFileA
OpenEventA
InterlockedDecrement
GlobalAlloc
GetCurrentProcess
CreateProcessA
ExitProcess
CopyFileA
GetCommandLineA
GetComputerNameA
OpenFileMappingA
HeapFree
TerminateProcess
CreateEventA
MapViewOfFile
UnmapViewOfFile
LocalFree
CreateFileMappingA
InterlockedIncrement
SetLastError
Sleep
CreateMutexW
WriteFile
WaitForSingleObject
GetLastError
GetTickCount
GetModuleHandleA
InterlockedCompareExchange
WriteProcessMemory
GetModuleFileNameA
CloseHandle
HeapAlloc
GetVolumeInformationA
GetProcessHeap
ReadProcessMemory
GlobalFree
LeaveCriticalSection
EnterCriticalSection
GetProcAddress

ole32

OleCreate
CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance
OleSetContainedObject
CoTaskMemAlloc
CoSetProxyBlanket

user32

GetMessageA
TranslateMessage
PostQuitMessage
GetParent
GetWindowThreadProcessId
SendMessageA
GetWindowLongA
SetTimer
SetWindowsHookExA
DestroyWindow
ClientToScreen
UnhookWindowsHookEx
GetCursorPos
DefWindowProcA
FindWindowA
GetWindow
GetSystemMetrics
RegisterWindowMessageA
GetClassNameA
CreateWindowExA
KillTimer
SetWindowLongA
PeekMessageA
ScreenToClient
DispatchMessageA

oleaut32

SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

StrStrIW
UrlUnescapeW

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegQueryValueExA
SetTokenInformation
DuplicateTokenEx
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
GetUserNameA

shell32

SHGetFolderPathA

Exports

Exports

mfcMousedrm

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e544afe6e48faac48b548b64d59dbfd7

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 111KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 1000B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 112KB - Virtual size: 111KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 1000B

.reloc
Size: 8KB - Virtual size: 6KB