3fa3fc0a2599b3a161c5a492688d2420_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3fa3fc0a2599b3a161c5a492688d2420_JaffaCakes118
Size

3.6MB
MD5

3fa3fc0a2599b3a161c5a492688d2420
SHA1

b02c2464079b5c7ce4e880f2f44ae98e1a46d63f
SHA256

b8585933da98e3f58b1f083fb7735d52146076ab9739da6c20dffa0ba686d973
SHA512

cd50fa2bfb99129abdbb17a88bdc3875f2d2950accb098b445f9227af50d980d617157ba0b1e4c3f6b491501e9f30b01ee33db48e9f2bc30c23261f40753109c
SSDEEP

49152:IpkLME1oE1FJs1f2tQAz9k5F8NwdREZ1613XoExXe28Qb1RIF2UL4:1h1oEbJs1f2txz9WWGRELAXooXe2v/z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fa3fc0a2599b3a161c5a492688d2420_JaffaCakes118

Files

3fa3fc0a2599b3a161c5a492688d2420_JaffaCakes118
.dll windows:4 windows x86 arch:x86

78d4b16ec65590c2a26b778af30fadb8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
LeaveCriticalSection
GetWindowsDirectoryA
CreateThread
ReleaseMutex
GetCurrentProcessId
FindFirstFileA
ResumeThread
HeapAlloc
EnterCriticalSection
FindResourceA
GetModuleFileNameA
CreateFileA
GetVersionExA
ResetEvent
VirtualProtect
FindClose
IsBadWritePtr
GetCurrentThreadId
CreateFileMappingA
CreateMutexA
FlushViewOfFile
VirtualAlloc
CompareFileTime
GetLastError
GetPrivateProfileIntA
Sleep
GetTickCount
DeleteFileA
TerminateThread
VirtualFree
WaitForSingleObject
GetComputerNameA
InitializeCriticalSection
GetPrivateProfileStringA
CreateProcessA
GetProcessHeap
CloseHandle
SizeofResource
MapViewOfFile
FreeLibrary
LoadResource
GetProcAddress
GetCurrentProcess
SetFileTime
SetEvent
WriteFile
DeleteCriticalSection
HeapFree
LoadLibraryA
LockResource
WaitForMultipleObjects
CreateEventA
DeviceIoControl
GetVersion
GetSystemTime
QueryPerformanceCounter
ExitProcess
SetUnhandledExceptionFilter
DuplicateHandle
GetCurrentThread
GetUserDefaultLangID
GetSystemTimeAsFileTime
SetStdHandle
GetStringTypeW
GetStringTypeA
GetSystemInfo
GetLocaleInfoA
SetConsoleCtrlHandler
VirtualQuery
InterlockedExchange
RtlUnwind
RaiseException
GetCommandLineA
HeapReAlloc
TerminateProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
LCMapStringA
MultiByteToWideChar
LCMapStringW
SetFilePointer
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers

user32

MessageBoxA
GetWindowThreadProcessId
EnumWindows
EnumChildWindows
CloseWindow
DestroyWindow

ole32

CoCreateGuid

Exports

Exports

GrdPrepare
InitProtApp

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 648KB - Virtual size: 645KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78d4b16ec65590c2a26b778af30fadb8

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 28KB - Virtual size: 121KB

.rsrc Size: 648KB - Virtual size: 645KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 28KB - Virtual size: 121KB

.rsrc
Size: 648KB - Virtual size: 645KB

.reloc
Size: 20KB - Virtual size: 16KB