3d2851853b54848deee06c78ec3e0055_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d2851853b54848deee06c78ec3e0055_JaffaCakes118
Size

152KB
MD5

3d2851853b54848deee06c78ec3e0055
SHA1

aa7c3aa03235de1a3a486f82dca2eb0f5b446690
SHA256

aaf8f8df26ca1f2cce36d2dddb2e0cfeacd81b439484f1be21bc65f0c7a7fd7a
SHA512

9fd0d13dc81b4ad96494c7cbfa2e7d2cfa05893d6c0731aca6e30d65fa7314a26242d48cd991707bb61d3643991dfaadbcec5c7c6d870a78ed39965cd0bb75ce
SSDEEP

3072:n/DL0Ib4qmhNk2nNvTUoQ/qte3nkztmcqOwG1hFM6z3e4LX9qoWhDguyG:n/DgaAttTd2qQXG6L0hRO4LX9qBNL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d2851853b54848deee06c78ec3e0055_JaffaCakes118

Files

3d2851853b54848deee06c78ec3e0055_JaffaCakes118
.dll windows:4 windows x86 arch:x86

254096f62566c8609fd20564e3a0d23b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVolumeInformationA
InterlockedIncrement
GlobalFree
HeapAlloc
GetLastError
OpenEventA
GetProcAddress
WriteFile
CopyFileA
LeaveCriticalSection
GetModuleFileNameA
OpenFileMappingA
CreateProcessA
GetCommandLineA
CreateFileMappingA
GetComputerNameA
ExitProcess
WriteProcessMemory
SetLastError
GetModuleHandleA
HeapFree
TerminateProcess
LocalFree
EnterCriticalSection
WaitForSingleObject
UnmapViewOfFile
GetCurrentProcess
CloseHandle
GetProcessHeap
MapViewOfFile
CreateFileA
GetTickCount
InterlockedDecrement
ReadProcessMemory
Sleep
GlobalAlloc
LoadLibraryA
InterlockedCompareExchange
CreateMutexW
CreateEventA
CreateDirectoryA

ole32

OleSetContainedObject
OleCreate
CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid
CoSetProxyBlanket
CoTaskMemAlloc

user32

TranslateMessage
DispatchMessageA
GetCursorPos
UnhookWindowsHookEx
PeekMessageA
GetWindow
ScreenToClient
GetParent
SetWindowLongA
GetClassNameA
RegisterWindowMessageA
CreateWindowExA
GetSystemMetrics
DestroyWindow
ClientToScreen
GetWindowThreadProcessId
KillTimer
DefWindowProcA
PostQuitMessage
SetTimer
FindWindowA
SetWindowsHookExA
SendMessageA
GetMessageA
GetWindowLongA

oleaut32

SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString

shlwapi

UrlUnescapeW
StrStrIW

advapi32

OpenProcessToken
SetTokenInformation
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
DuplicateTokenEx
GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetFolderPathA

Exports

Exports

SmartNet80

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 985B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

254096f62566c8609fd20564e3a0d23b

Headers

File Characteristics

Imports

kernel32

ole32

user32

oleaut32

shlwapi

advapi32

shell32

Exports

Exports

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 985B

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 985B

.reloc
Size: 8KB - Virtual size: 6KB