b7f193fa072c0e7e414627741c78bad6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b7f193fa072c0e7e414627741c78bad6_JaffaCakes118
Size

600KB
MD5

b7f193fa072c0e7e414627741c78bad6
SHA1

6c75654c5e75f7ab9ff08836d83a45fb0b9cca65
SHA256

898ef95a6e90a7323b47c78f82ffb493c725a6d2f71e0e501be855d09a6fe60f
SHA512

c1b8a1ef79ab7a54572969368acfb7ffe34d195eb513f5620d6e20492d24ac8ec1ba463b57bb4eff32cc80fe53797b84d4d424f3036a7e5d89e98e1070c220d2
SSDEEP

12288:Fau/RLJInmnlQMXA8uPlkr71/6PCy2iA7swhmMbb:QIRLJInmnlVXr71/lQqb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7f193fa072c0e7e414627741c78bad6_JaffaCakes118

Files

b7f193fa072c0e7e414627741c78bad6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

46e157d66018a7a7941b39a131d43382

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

M:\language\MediaPlayer\Driver\Mal.pdb

Imports

kernel32

GetProcAddress
GetCurrentDirectoryA
GetLastError
ReadFile
SetEndOfFile
CreateFileW
GetStringTypeW
LCMapStringW
VirtualQuery
GetProcessHeap
CreateFileA
CloseHandle
FlushFileBuffers
SetStdHandle
SetFilePointer
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
IsValidCodePage
FreeLibrary
GetOEMCP
GetACP
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
HeapCreate
GetFileType
GetStdHandle
SetHandleCount
InterlockedDecrement
FreeEnvironmentStringsW
GetModuleFileNameA
ExitProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
WriteFile
SetLastError
InterlockedIncrement
GetModuleHandleW
TlsFree
lstrcpyW
lstrlenW
LocalAlloc
LocalReAlloc
lstrcpyA
LocalFree
lstrcatA
LoadLibraryW
GetCPInfo
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsBadReadPtr
HeapValidate
lstrlenA
WideCharToMultiByte
GetEnvironmentVariableW
GetModuleHandleA
RaiseException
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetEnvironmentStringsW
LoadLibraryA
GetCommandLineA
RtlUnwind
MultiByteToWideChar

user32

DestroyWindow
GetDC
SetRectEmpty
GetDialogBaseUnits
LoadAcceleratorsA
UpdateWindow
SendMessageA
EnumWindows
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
SetWindowRgn
ShowWindow
GetWindowLongA
FindWindowA
GetWindowThreadProcessId
GetDlgItem
LoadMenuA
SetMenu
DestroyMenu
PostQuitMessage
CreatePopupMenu
AppendMenuA
DefWindowProcA
GetMenu
GetSubMenu
InsertMenuA
DrawMenuBar
SetForegroundWindow
UnhookWindowsHookEx
KillTimer
SetDlgItemTextA
CreateWindowExW
GetMenuItemCount
GetMenuItemInfoA
GetMenuState
GetMenuItemID
GetMenuStringA
SetMenuItemInfoA
GetWindowRect
ScreenToClient
GetCursorPos
SendDlgItemMessageA
EndDialog
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
SetWindowLongA

gdi32

SelectObject
CreateSolidBrush
GetStockObject
CreateEllipticRgn
CombineRgn
DeleteObject
SetTextColor
SetBkColor
CreatePen

shell32

SHGetSpecialFolderPathA

ole32

CoInitializeEx
CreateStreamOnHGlobal
GetHGlobalFromStream
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysAllocString
SysStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear

mpr

WNetCloseEnum

comctl32

ord6

gdiplus

GdiplusStartup
GdipGetDpiX
GdipCreateFromHDC
GdipDeleteGraphics

dsound

ord6

eappcfg

EapHostPeerGetMethods
EapHostPeerFreeErrorMemory
EapHostPeerFreeMemory

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fave
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flat
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

46e157d66018a7a7941b39a131d43382

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

mpr

comctl32

gdiplus

dsound

eappcfg

Sections

.text Size: 342KB - Virtual size: 342KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 14KB - Virtual size: 22KB

.fave Size: 35KB - Virtual size: 35KB

.flat Size: 4KB - Virtual size: 4KB

.rsrc Size: 119KB - Virtual size: 119KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 14KB - Virtual size: 22KB

.fave
Size: 35KB - Virtual size: 35KB

.flat
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 119KB - Virtual size: 119KB

.reloc
Size: 16KB - Virtual size: 15KB