e985acdd52b7bccdd6feb85ebd74c722_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e985acdd52b7bccdd6feb85ebd74c722_JaffaCakes118
Size

62KB
MD5

e985acdd52b7bccdd6feb85ebd74c722
SHA1

3b06269aa9e747ff21ab993a04877cc4e52e2f99
SHA256

ddd3fe457d8240a722852e3a50ae2b385ff4129d02966aa8991cd3342d2d6eb2
SHA512

2e39c4b36e9928851fc86d9fc541956c3079a1ded09cca5ee677fbe1b3c9272b87651b65e53279cede3c4ed37028fcbae0823c4ee25180d5bc132cef8d155507
SSDEEP

1536:GWeKvVJqEUuaQtAaQYxIw7vyeGkkGa2rdV1l:GDKbZUuaOABj4qeGkkG5jl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SysInternalsBluescreen.scr

Files

e985acdd52b7bccdd6feb85ebd74c722_JaffaCakes118
.zip
Eula.txt
SysInternalsBluescreen.scr
.exe windows:4 windows x86 arch:x86

1366c969d6a684ae8ee6653f31504543

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

ddraw

DirectDrawCreate

winmm

timeSetEvent
timeKillEvent

kernel32

GetCurrentProcess
SetFilePointer
WriteFile
CreateEventA
LoadLibraryExA
WriteConsoleA
GetStdHandle
GetDiskFreeSpaceExA
GetVolumeInformationA
WaitForSingleObject
GetSystemInfo
GetDriveTypeA
GetLogicalDrives
FreeConsole
DeleteFileA
FlushConsoleInputBuffer
SetConsoleCursorPosition
FillConsoleOutputCharacterA
SetConsoleCursorInfo
SetConsoleMode
AllocConsole
Sleep
FreeLibrary
GetSystemPowerStatus
UnhandledExceptionFilter
ExitProcess
GetStartupInfoA
FlushFileBuffers
LCMapStringW
GetProcAddress
Beep
ReadFile
GetStringTypeW
lstrcpynA
GetOEMCP
GetACP
GetCPInfo
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
HeapReAlloc
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
SetLastError
TlsAlloc
GetCurrentThreadId
TerminateProcess
RtlUnwind
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
LocalAlloc
LoadLibraryA
LocalFree
FindResourceA
LoadResource
LockResource
_lopen
_lread
_lclose
GetCommandLineA
GetVersion
GetTempPathA
CreateFileA
CloseHandle
GetTickCount
SetStdHandle
OutputDebugStringA
ExitThread
TlsSetValue
GetVersionExA
GetStringTypeA
GetModuleHandleA
LCMapStringA
HeapFree
HeapAlloc
GetLastError
ResumeThread
CreateThread

user32

SetWindowTextA
GetSystemMetrics
CharNextA
LoadIconA
GetClientRect
FindWindowA
RegisterWindowMessageA
GetForegroundWindow
PeekMessageA
DialogBoxParamA
IsWindow
PostQuitMessage
GetCursorPos
SetForegroundWindow
SetFocus
LoadBitmapA
MsgWaitForMultipleObjects
DestroyWindow
GetDC
ReleaseDC
LoadCursorA
SetCursor
InflateRect
GetDlgItem
GetSysColorBrush
GetParent
SendMessageA
DialogBoxIndirectParamA
EndDialog
IsDlgButtonChecked
CheckDlgButton
PostMessageA
InvalidateRect
RegisterClassA
GetMessageA
DispatchMessageA
TranslateMessage
CreateWindowExA
DefWindowProcA
MessageBoxA
OffsetRect
IntersectRect
SystemParametersInfoA

gdi32

CreateDIBitmap
CreatePalette
GetDeviceCaps
SetMapMode
StartDocA
StartPage
EndPage
EndDoc
CreateCompatibleDC
SelectObject
SelectPalette
RealizePalette
StretchBlt
DeleteDC
GetObjectA
CreateSolidBrush
GetClipBox
GetDCOrgEx
GetStockObject

comdlg32

PrintDlgA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegCloseKey
RegOpenKeyA

Exports

Exports

ScreenSaverConfigureDialog
ScreenSaverProc

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 520KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1366c969d6a684ae8ee6653f31504543

Headers

File Characteristics

Imports

comctl32

ddraw

winmm

kernel32

user32

gdi32

comdlg32

advapi32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 120KB - Virtual size: 124KB

.sxdata Size: 4KB - Virtual size: 4B

.rsrc Size: 520KB - Virtual size: 517KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 120KB - Virtual size: 124KB

.sxdata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 520KB - Virtual size: 517KB