181a6e743aa8727f7f6aa04551d9cca4_JaffaCakes118

General

Target

181a6e743aa8727f7f6aa04551d9cca4_JaffaCakes118
Size

16KB
MD5

181a6e743aa8727f7f6aa04551d9cca4
SHA1

ed685a6c16334c468fb4f3f8f28eaad02da34825
SHA256

cf4afc11a64574c88a8e27cea9fb3868478c16f7ff6fd9496cab6345a2ef46ce
SHA512

717bbf1cc9a8fff3cb61d057555ad85a733623c734a1e242d6545b732ea8e9de41c4f501688656657933fc7d172270b49483a7a2b7b433b5f23a805b9265b048
SSDEEP

384:+R1oPY5FjWV9gGw9r1I5em5aw69a9YcpTVv82o:MjWDZwR+Dnua9YAT9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
181a6e743aa8727f7f6aa04551d9cca4_JaffaCakes118

Files

181a6e743aa8727f7f6aa04551d9cca4_JaffaCakes118
.dll windows:1 windows x86 arch:x86

1f35af90a9983ce2e13afeae37e18fa0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateDirectoryW
CreateFileA
CreateFileW
CreateFileMappingA
CreateThread
DeleteFileA
ExitProcess
ExitThread
FindFirstFileA
FindNextFileA
FreeLibrary
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetProcAddress
GetProcessHeap
GetShortPathNameA
GetSystemDirectoryA
GetVolumeInformationA
GlobalAlloc
GlobalFree
HeapAlloc
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MoveFileA
MoveFileExA
OpenFileMappingA
RemoveDirectoryA
SetFilePointer
Sleep
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
WaitForSingleObject
WriteFile
lstrcatA
lstrcmpW
lstrcpyA

user32

CreateDialogParamW
CreateWindowExW
DefWindowProcW
ExitWindowsEx
FindWindowW
GetAsyncKeyState
GetClassInfoExW
GetCursorPos
GetDlgItem
IsDialogMessageW
IsWindowVisible
KillTimer
RegisterClassExW
SendMessageA
SetLayeredWindowAttributes
SetTimer
SetWindowLongA
SetWindowTextW
ShowWindow
wsprintfA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA

wininet

FtpCreateDirectoryA
FtpPutFileA
FtpSetCurrentDirectoryA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA

wintrust

WinVerifyTrust

shell32

SHGetFolderPathA
ShellExecuteA
StrRChrA

ntdll

RtlAdjustPrivilege

Sections

.code
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

1f35af90a9983ce2e13afeae37e18fa0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

wininet

wintrust

shell32

ntdll

Sections

.code Size: 11KB - Virtual size: 11KB

.idat Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.code
Size: 11KB - Virtual size: 11KB

.idat
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB