264b1cafc396d99a6818af7785c253fb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

264b1cafc396d99a6818af7785c253fb_JaffaCakes118
Size

120KB
MD5

264b1cafc396d99a6818af7785c253fb
SHA1

a1bc4645af244ba0660d1cc171f3f04b80deab28
SHA256

aaa63221ccd651c86686425c306abc5b968afd5cf879c1cf5d2e236e5fed8900
SHA512

87598a435ed98f6fa4171b8cf26b868367d0b9802a414f16b39868c63f480cfa4912a2907a5bfd0d704eb3c1ab4716134d37d5a0f619d805c176ba2e3e0927ef
SSDEEP

3072:7zJU6qVszkwMZ4xmgujDjDaEATBftMBgXbTmB:/JU6qVnwMZ4QjDjJATBlMBg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
264b1cafc396d99a6818af7785c253fb_JaffaCakes118

Files

264b1cafc396d99a6818af7785c253fb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

81b159bfc118b0e0e3f3feb68bca363b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysFreeString

ole32

CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize

user32

CloseDesktop
EnumWindows
MessageBoxA
DestroyWindow
CreateWindowExA
OpenWindowStationA
SetProcessWindowStation
CloseWindowStation
wsprintfA
CharNextA
ReleaseDC
GetCursorInfo
DestroyCursor
LoadCursorA
GetDC
SetThreadDesktop
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
SystemParametersInfoA
BlockInput
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
PostMessageA
ExitWindowsEx
GetWindowThreadProcessId
IsWindowVisible
GetWindowTextA
GetClassNameA
GetWindow
SetCursorPos
SendMessageA
GetCursorPos
ShowWindow
EnableWindow
GetDesktopWindow
ShowOwnedPopups
mouse_event
GetWindowRect
FindWindowA

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

kernel32

FreeConsole
FillConsoleOutputCharacterA
AllocConsole
GetStdHandle
GetStartupInfoA
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetConsoleCtrlHandler
ExitProcess
GetConsoleOutputCP
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetFileTime
SetFileTime
GetLongPathNameA
GetTempPathA
GetWindowsDirectoryA
SetEnvironmentVariableA
GetConsoleWindow
GetConsoleTitleA
lstrcmpA
GetFileAttributesExA
WriteConsoleInputA
GetCurrentProcessId
Thread32First
OpenThread
VirtualQuery
TerminateThread
Thread32Next
WinExec
GetCommandLineA
OpenProcess
TerminateProcess
GetCurrentThreadId
Process32First
lstrcmpiA
Process32Next
LocalSize
GetTempFileNameA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
CreateMutexA
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
GetModuleHandleA
GetProcAddress
GenerateConsoleCtrlEvent
ReadConsoleOutputA
SetConsoleOutputCP
GetConsoleScreenBufferInfo
SetFileAttributesA
Module32Next
GetLogicalDriveStringsA
CloseHandle
WaitForSingleObject
CreateThread
DeleteFileA
ExpandEnvironmentStringsA
GetLastError
CreateDirectoryA
GetFileAttributesA
lstrlenA
MoveFileExA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
LocalFree
FindClose
FindNextFileA
LocalReAlloc
LocalAlloc
FindFirstFileA
RemoveDirectoryA
GetFileSize
CreateFileA
ReadFile
SetFilePointer
WriteFile
MoveFileA
DeviceIoControl
GetSystemInfo
GetVersionExA
GetProcessTimes
GetCurrentProcess
GlobalMemoryStatusEx
GetSystemDirectoryA
ResetEvent
WaitForMultipleObjects
CreateEventA
VirtualFree
Sleep
GetTickCount
SetErrorMode
HeapFree
GetProcessHeap
HeapAlloc
ExitThread
GetShortPathNameA
GetModuleFileNameA
SetEvent
OpenEventA
CopyFileA
FreeLibraryAndExitThread
IsBadReadPtr
IsBadStringPtrW
RaiseException
LoadLibraryA
Module32First
CreateToolhelp32Snapshot
FreeLibrary
VirtualProtect

msvcrt

_ftol
_adjust_fdiv
_initterm
_stricmp
_memicmp
_wcsicmp
_strlwr
_strupr
strncat
ceil
wcsrchr
realloc
_beginthreadex
atol
wcslen
memcmp
wcstombs
memmove
__CxxFrameHandler
time
srand
rand
strlen
strchr
atoi
strncpy
??2@YAPAXI@Z
strcmp
strrchr
strstr
strcat
_except_handler3
malloc
strcpy
free
memset
memcpy
??3@YAXPAX@Z
_EH_prolog

Exports

Exports

DSCreateISecurityInfoObject
DSCreateISecurityInfoObjectEx
DSCreateSecurityPage
DSEditSecurity

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81b159bfc118b0e0e3f3feb68bca363b

Headers

File Characteristics

Imports

oleaut32

ole32

user32

gdi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 5KB