26a2a9cc91919ac15c54f0f2da4b516d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26a2a9cc91919ac15c54f0f2da4b516d_JaffaCakes118
Size

136KB
MD5

26a2a9cc91919ac15c54f0f2da4b516d
SHA1

1f4f4aab28289c18977d851ecbe082f9b73b7660
SHA256

d9f88f0d82abdd0098a9292b5f66a64c3b8fcd901a006d6153db0d9e77113054
SHA512

69dd16563abf696c5e64b512c012f9803f368dc00a6d30e8f1bb39646e69b917f7c80c0ccb1565859e02bfff76c0f4cfaa5e2ee68c97f9c936180dc1bc210da6
SSDEEP

3072:di8C70CedLFABh1ajrJ3eGF7HiATTVyJd4cc/vXsTH:dxLFaijl3es7JLVs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26a2a9cc91919ac15c54f0f2da4b516d_JaffaCakes118

Files

26a2a9cc91919ac15c54f0f2da4b516d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

582361101c2e794390e86795f811c1be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_vsnprintf

kernel32

GetProcessHeap
HeapDestroy
GetFileAttributesW
GetProcessHeaps
GlobalFree
GetFileType
GetModuleHandleA
DeleteCriticalSection
CloseHandle
GetVersion
LocalFree
GlobalReAlloc
SetFileAttributesW
LocalAlloc
LockFile
InterlockedExchange
GetLastError
LoadLibraryA
RaiseException
WaitForMultipleObjects
GetFileInformationByHandle
GetCurrentProcess
SetEnvironmentVariableW
GetModuleHandleW
ExpandEnvironmentStringsA
SetFileTime
MulDiv
UnlockFile
GlobalSize
SystemTimeToFileTime
GlobalAddAtomA
GetCommandLineW
LoadResource
FreeLibrary
TryEnterCriticalSection
FindResourceA
GlobalMemoryStatus
SetCriticalSectionSpinCount
GetFileSize
lstrcpyA
GetSystemTime
GetProcAddress
VirtualProtectEx

user32

MoveWindow
IsCharAlphaNumericA
SetClipboardViewer
UpdateWindow
SetCaretPos
GetClipboardViewer
MessageBoxW
DestroyCursor
GetWindowPlacement
GetDC
CreateIconIndirect
ShowCaret
EndPaint
TranslateAcceleratorW
SetWindowRgn
GetMessageExtraInfo
DrawTextW
GetLastActivePopup
FindWindowExA
GetWindowTextLengthA
BeginPaint
GetClassLongW
TranslateMessage
ScrollDC
SetClassLongW
PeekMessageW
RedrawWindow
CreateWindowExW
SwitchToThisWindow
CallWindowProcW
GetMessagePos
DispatchMessageW
GetWindowLongW
GetClassWord
LockWindowUpdate
LoadAcceleratorsA

gdi32

SetTextJustification
CreateCompatibleDC
DeleteObject
UnrealizeObject
GetDeviceCaps
RestoreDC
GetPixel
Chord
SetDCPenColor
GetCharWidthA
DPtoLP
GetDCPenColor
GetTextMetricsW
GetObjectW

advapi32

ReportEventW
ImpersonateNamedPipeClient
ImpersonateSelf
GetOldestEventLogRecord
GetEventLogInformation
DeregisterEventSource
WriteEncryptedFileRaw
CloseEncryptedFileRaw
GetTokenInformation
RevertToSelf

Exports

Exports

_FindProcessByName@8
_GetCuProcessId@8
_GetCurProcesInfo@4
_GetCurProcessHandle@12
_GetProcessList@20

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RDATA
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GLOBAL
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

IMPORTS
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

582361101c2e794390e86795f811c1be

Headers

File Characteristics

Imports

ntdll

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

RDATA Size: 512B - Virtual size: 480B

GLOBAL Size: 512B - Virtual size: 92B

CONST Size: 512B - Virtual size: 508B

IMPORTS Size: 3KB - Virtual size: 3KB

.rsrc Size: 116KB - Virtual size: 115KB

.reloc Size: 1024B - Virtual size: 840B

.text
Size: 13KB - Virtual size: 12KB

RDATA
Size: 512B - Virtual size: 480B

GLOBAL
Size: 512B - Virtual size: 92B

CONST
Size: 512B - Virtual size: 508B

IMPORTS
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 116KB - Virtual size: 115KB

.reloc
Size: 1024B - Virtual size: 840B