0c5bb47ca2224cd1bb00abb3f9101680_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0c5bb47ca2224cd1bb00abb3f9101680_JaffaCakes118
Size

1020KB
MD5

0c5bb47ca2224cd1bb00abb3f9101680
SHA1

0a4dd284b33c06fcb5052da96ae530d9ecc4c254
SHA256

15835a42696c6015ade219182138fa125e44178ae531c337cc34f0c6d57902e7
SHA512

c6d416835ee1b9d904d9294cf0c41b3bf604039b99d0d157b1614956cf6c7cba971245ad889c1e1402d69bc50232ba093e7244d86a2a91045c34572053401a48
SSDEEP

12288:bazndMVZlbaX92v0Na5nHzEj8tM8JJkQlGD2veIngsi:bazndMV7gMIa5nTE4JJkQgceInQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c5bb47ca2224cd1bb00abb3f9101680_JaffaCakes118

Files

0c5bb47ca2224cd1bb00abb3f9101680_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c46d16678fe35a93f192b4293580ffa8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
SetFilePointer
GetProcAddress
ReadFile
WriteFile
CloseHandle
GetLastError
HeapSize
GetCurrentProcess
TerminateProcess
RaiseException
LCMapStringW
LCMapStringA
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
CreateFileA
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
IsBadWritePtr
HeapReAlloc
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
HeapAlloc
GetWindowsDirectoryA
HeapFree
ExitProcess
VirtualFree
GetVersion
HeapCreate
HeapDestroy
VirtualAlloc

user32

WaitMessage
ShowCursor
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
DestroyWindow
PostMessageA
PostQuitMessage
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
GetSystemMetrics
CreateWindowExA
MessageBoxA
ShowWindow
UpdateWindow
SetFocus

ddraw

DirectDrawCreate

dsound

ord1

winmm

timeKillEvent
timeGetDevCaps
timeSetEvent
timeBeginPeriod

fmod

_FSOUND_Init@12
_FSOUND_Stream_Play@8
_FSOUND_Stream_OpenFile@12
_FSOUND_Stream_Close@4
_FSOUND_Close@0

binkw32

_BinkClose@4
_BinkWait@4
_BinkOpenDirectSound@4
_BinkSetSoundSystem@8
_BinkNextFrame@4
_BinkDoFrame@4
_BinkCopyToBuffer@28
_BinkOpen@8
_BinkBufferOpen@16

Sections

.text
Size: 312KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

codeseg
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

datasg
Size: 4KB - Virtual size: 34B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.STEntry
Size: 652KB - Virtual size: 651KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c46d16678fe35a93f192b4293580ffa8

Headers

File Characteristics

Imports

kernel32

user32

ddraw

dsound

winmm

fmod

binkw32

Sections

.text Size: 312KB - Virtual size: 309KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 24KB - Virtual size: 273KB

codeseg Size: 8KB - Virtual size: 7KB

datasg Size: 4KB - Virtual size: 34B

.rsrc Size: 4KB - Virtual size: 3KB

.STEntry Size: 652KB - Virtual size: 651KB

.text
Size: 312KB - Virtual size: 309KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 24KB - Virtual size: 273KB

codeseg
Size: 8KB - Virtual size: 7KB

datasg
Size: 4KB - Virtual size: 34B

.rsrc
Size: 4KB - Virtual size: 3KB

.STEntry
Size: 652KB - Virtual size: 651KB