3a66651e812dd29b055ec43b9e0a48f4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a66651e812dd29b055ec43b9e0a48f4_JaffaCakes118
Size

356KB
MD5

3a66651e812dd29b055ec43b9e0a48f4
SHA1

62624ca4f31a6e57a18c5fc737760aff50c00c87
SHA256

ef69e45db612ecb8797ea7109953a5a06972cccf98004dff96aafb9c1c1ee961
SHA512

ba809c9324aaa292a457108279e6f5f1ecb735f712fb7ef5fd18baae6096def36c34362f3965629c21afd164d0c763b405489872d9afda8d3ed557d0bd5ab193
SSDEEP

6144:dtiUZMzqfN4OXaggYGQiul1MloQKdzvCUuL/WFLP+hgoJKmIT01p:dtbb4Ggq11MlarCUs/mrCzJG41p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a66651e812dd29b055ec43b9e0a48f4_JaffaCakes118

Files

3a66651e812dd29b055ec43b9e0a48f4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b1844f658bfcc097b9ef54541cf8496d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHEnumKeyExA

kernel32

CloseHandle
CompareStringA
CreateFileMappingA
CreateNamedPipeA
DeleteAtom
DeleteFileA
DisconnectNamedPipe
DuplicateHandle
GetConsoleCP
GetConsoleMode
GetExitCodeProcess
GetMailslotInfo
Beep
GetModuleHandleA
GetNamedPipeInfo
GetProcessHeap
GetCurrentProcessId
GetProcessVersion
GetStdHandle
GetCurrentThreadId
GetUserDefaultLCID
IsSystemResumeAutomatic
IsValidCodePage
SetFilePointer
GetStartupInfoA
VirtualProtect
ReadFile
GetModuleFileNameA
ExitProcess
GetBinaryTypeA
GetFileType
CancelIo
CallNamedPipeA
BackupSeek
BackupRead
lstrcmpA
lstrlenA
FlushViewOfFile
GetDriveTypeA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetCurrentDirectoryA
GetComputerNameW
GetCurrentDirectoryW
GetFileAttributesA
GetFileAttributesW
WriteFile

user32

ReleaseDC

advapi32

GetUserNameW
GetUserNameA

msvcrt

malloc
free

winmm

DrvGetModuleHandle
timeEndPeriod

Exports

Exports

qfcoil

Sections

.code
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kzhs
Size: 4KB - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1844f658bfcc097b9ef54541cf8496d

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

msvcrt

winmm

Exports

Exports

Sections

.code Size: 36KB - Virtual size: 34KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 300KB - Virtual size: 296KB

kzhs Size: 4KB - Virtual size: 1B

.rsrc Size: 4KB - Virtual size: 776B

.reloc Size: 4KB - Virtual size: 1KB

.code
Size: 36KB - Virtual size: 34KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 300KB - Virtual size: 296KB

kzhs
Size: 4KB - Virtual size: 1B

.rsrc
Size: 4KB - Virtual size: 776B

.reloc
Size: 4KB - Virtual size: 1KB