0fbe3ed6fc7ae7b8f4dc2d2abbeaf568_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0fbe3ed6fc7ae7b8f4dc2d2abbeaf568_JaffaCakes118
Size

2.9MB
MD5

0fbe3ed6fc7ae7b8f4dc2d2abbeaf568
SHA1

7c6b9b4dbc27cadd6c726d9462f3b024eaf6d9ad
SHA256

c5dec9e12e1b4a36e9d87bccfc03f5b7ccd2f96ee1dd222e2880bceb472bb794
SHA512

8c6c4d360c344db3eadcadf449ea79c1f1888373116aaf3b2078124c75df2a659c9892dae974a94fe0a6f0d218c3b1e9aacfe282ced2cd7fd23fcc0b4e5faeff
SSDEEP

24576:8NEKGzHFqDK2F3WXTFwo++cr4Wp1gLst+ql24CtOa17VKsLvdEK2ptKjw+pylFGI:8Nm+bu+lg19vtaUYIguj1j6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fbe3ed6fc7ae7b8f4dc2d2abbeaf568_JaffaCakes118

Files

0fbe3ed6fc7ae7b8f4dc2d2abbeaf568_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a1e288f86a48e302c5dd070a71f80798

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
CreateThread
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
OpenFile
VirtualLock
VirtualProtect
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetLocaleInfoW
SetEndOfFile
CreateFileA
FindResourceA
LoadResource
LockResource
GetModuleHandleA
GetCommandLineA
ExitProcess
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetVersionExA
CreateEventA
CloseHandle
SetEvent
WaitForSingleObject
MultiByteToWideChar
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
CopyFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindClose
FindFirstFileA
GetFileAttributesA
FindNextFileA
GetFullPathNameA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
RtlUnwind
GetVersion
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
TerminateProcess
GetCurrentProcess
HeapSize
GetLastError
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetUnhandledExceptionFilter
SetFilePointer
FlushFileBuffers
ReadFile
VirtualAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
SetEnvironmentVariableA
SetStdHandle
SetEnvironmentVariableW

user32

KillTimer
SetForegroundWindow
SetTimer
UpdateWindow
CreateWindowExA
RegisterClassA
LoadCursorA
UnregisterClassA
DestroyWindow
ShowCursor
ShowWindow
ClientToScreen
GetClientRect
SetCursorPos
ScreenToClient
SetCursor
SetCapture
ReleaseCapture
GetCursorPos
EndPaint
BeginPaint
PostMessageA
DefWindowProcA
DispatchMessageA
PeekMessageA
GetMessageA
GetWindowLongA
GetWindowRect
SetWindowPos
SetWindowLongA
InvalidateRect
MoveWindow
GetSystemMetrics
SystemParametersInfoA
ToAscii
MapVirtualKeyA
GetForegroundWindow
CharLowerBuffA
DialogBoxParamA
GetDesktopWindow
SetWindowTextA
GetWindowTextA
EnableWindow
GetDlgItem
MessageBoxA
EndDialog
SendDlgItemMessageA

wsock32

ntohl
getsockname
accept
send
recv
WSACleanup
WSAStartup
listen
ioctlsocket
connect
gethostbyname
getpeername
ntohs
closesocket
bind
socket
htonl
recvfrom
htons
sendto
select
inet_ntoa
setsockopt

winmm

waveInGetDevCapsA
timeSetEvent
timeGetTime
timeEndPeriod
timeGetDevCaps
timeBeginPeriod
waveInReset
waveInClose
mciSendCommandA
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerSetControlDetails
mixerOpen
mixerGetNumDevs
mixerClose
mciGetErrorStringA
waveOutGetDevCapsA
waveOutGetNumDevs
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetPosition
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInOpen
waveInGetNumDevs
waveInStart
timeKillEvent

d3dxof

DirectXFileCreate

dplayx

ord4

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

dinput

DirectInputCreateEx

gdi32

GetTextExtentPoint32A
DeleteObject
DeleteDC
SetTextColor
SelectObject
ExtTextOutA
RemoveFontResourceA
GetStockObject
GetTextMetricsA
SetBkColor
GetCharABCWidthsA
AddFontResourceA
CreateFontA
CreateCompatibleDC

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CLSIDFromString

advapi32

RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA

msacm32

acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmStreamClose
acmFormatSuggest
acmStreamOpen
acmStreamSize

Exports

Exports

_bbWinMain@0
runtimeGetRuntime

Sections

.text
Size: 976KB - Virtual size: 975KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1e288f86a48e302c5dd070a71f80798

Headers

File Characteristics

Imports

kernel32

user32

wsock32

winmm

d3dxof

dplayx

ddraw

dinput

gdi32

shell32

ole32

advapi32

msacm32

Exports

Exports

Sections

.text Size: 976KB - Virtual size: 975KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 116KB - Virtual size: 348KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 60KB - Virtual size: 57KB

.text
Size: 976KB - Virtual size: 975KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 116KB - Virtual size: 348KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 60KB - Virtual size: 57KB