f63c37b5319afffab993132ff26629bc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f63c37b5319afffab993132ff26629bc_JaffaCakes118
Size

84KB
MD5

f63c37b5319afffab993132ff26629bc
SHA1

8ae02dc90791aea49f23e4c4f882ed1eb11c5452
SHA256

e4699f48129e1b93e9adee7ca05c8fd989d8828bf5cb229bcf69a702f716a069
SHA512

052c0933178d2898ff546465c2d7acf2ae991c81285a27e7c23a3d55e219f6b93c169d360e63fa6417b687216a2f854a50a07485ccc42094fc3f8192b1942f92
SSDEEP

1536:SQCI6p1ITzMK3kkPdsXLUnmwl9glXWnNAuKjYkOw4KKPI:SE6p5KXPdwLbW9glGnWuYYZw4KKw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f63c37b5319afffab993132ff26629bc_JaffaCakes118

Files

f63c37b5319afffab993132ff26629bc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

db0a325cd3850685b9598895583341fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

storm

ord403
ord501
ord401
ord426
ord425
ord422
ord423
ord578

d2gfx

ord10020
ord10018
ord10015
ord10027
ord10001
ord10011

d2mcpclient

ord10001

d2sound

ord10000
ord10001

d2win

ord10001
ord10000
ord10036
ord10002
ord10171
ord10174
ord10205
ord10037

fog

ord10042
ord10089
ord10082
ord10021
ord10043
ord10101
ord10218
ord10227
ord10090
ord10143
ord10116
ord10019

advapi32

RegCloseKey
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenServiceA
OpenSCManagerA
CloseServiceHandle
StartServiceCtrlDispatcherA
CreateServiceA
RegCreateKeyA
RegEnumValueA
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

kernel32

GetModuleFileNameA
GetStdHandle
GetFileType
SetHandleCount
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
CloseHandle
GetUserDefaultLCID
GetPrivateProfileStringA
GetPrivateProfileIntA
GetCurrentDirectoryA
GetProcAddress
GetLastError
LoadLibraryA
FreeLibrary
SetCurrentDirectoryA
SetEvent
OpenEventA
HeapDestroy
GetModuleHandleA
GetVersion
SetEnvironmentVariableA
CompareStringW
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
EnumSystemLocalesA
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
GetEnvironmentVariableA
GetVersionExA
HeapAlloc
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetLocaleInfoA
HeapReAlloc
InitializeCriticalSection
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
IsBadWritePtr
SetStdHandle
Sleep
LCMapStringA
LCMapStringW
FlushFileBuffers
IsValidLocale

user32

MessageBoxA

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db0a325cd3850685b9598895583341fa

Headers

File Characteristics

Imports

storm

d2gfx

d2mcpclient

d2sound

d2win

fog

advapi32

kernel32

user32

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 20KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 20KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 4KB