0db638954f7668078637c036d0d76593_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0db638954f7668078637c036d0d76593_JaffaCakes118
Size

496KB
MD5

0db638954f7668078637c036d0d76593
SHA1

21fae6552dcc8168e0f035fc69f5457f3302ebe8
SHA256

c24487df6986869857d1386b1e18b85ac7db3b971f7d5c388fd1fcb4e0f0ddb2
SHA512

2c48792cc33cebbd49327e38e848e9f20dc7b7bc3e4bb468d7f34d8869da8dca7b6ea9fd1ae3569d7e492dbced1da3b1d13c9acab01b3b3a27ba1e2f6e2d7348
SSDEEP

12288:jZWvWlqKcJQAquXJAiMZn9B32HdBX3Z7L:tYWlqKcJQAquXJJMfl2Hjd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0db638954f7668078637c036d0d76593_JaffaCakes118

Files

0db638954f7668078637c036d0d76593_JaffaCakes118
.exe windows:4 windows x86 arch:x86

57329f987756ac4442b20979d702133d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ddraw

DirectDrawCreate

gdi32

StretchBlt
GetStockObject
SetSystemPaletteUse

kernel32

CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
SetEnvironmentVariableA
LCMapStringW
LCMapStringA
RaiseException
CreateFileA
InitializeCriticalSection
FlushFileBuffers
GetConsoleMode
GetConsoleCP
ReadFile
MultiByteToWideChar
SetFilePointer
GetOEMCP
SetEndOfFile
GetLocalTime
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryA
GetProcAddress
CreateThread
TerminateThread
CloseHandle
FreeLibrary
SetThreadPriority
Sleep
GetCurrentDirectoryA
GetStringTypeA
GetModuleHandleA
GetACP
GetCPInfo
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetFileType
LockResource
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetLastError
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

LoadIconA
SendMessageA
MoveWindow
GetSystemMetrics
GetWindowRect
ShowCursor
MessageBoxA
PostQuitMessage
DefWindowProcA
PostMessageA
GetClientRect
GetDC
ReleaseDC
SetWindowLongA
wvsprintfA
FindWindowA
RegisterClassA
AdjustWindowRect
CreateWindowExA
UpdateWindow
LoadCursorA
SetCursor
PeekMessageA
TranslateMessage
DispatchMessageA
WaitMessage
DestroyWindow
UnregisterClassA
DestroyCursor
DestroyCursor
ShowWindow

winmm

joyGetDevCapsA
joyGetPos
joyGetNumDevs
mmioRead
mmioDescend
mmioOpenA
mmioGetInfo
mmioSeek
mmioAdvance
mmioClose

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mackt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

57329f987756ac4442b20979d702133d

Headers

File Characteristics

Imports

ddraw

gdi32

kernel32

user32

winmm

Sections

.text Size: 348KB - Virtual size: 348KB

.rdata Size: 69KB - Virtual size: 72KB

.data Size: 46KB - Virtual size: 100KB

.rsrc Size: 27KB - Virtual size: 28KB

.mackt Size: 4KB - Virtual size: 4KB

.text
Size: 348KB - Virtual size: 348KB

.rdata
Size: 69KB - Virtual size: 72KB

.data
Size: 46KB - Virtual size: 100KB

.rsrc
Size: 27KB - Virtual size: 28KB

.mackt
Size: 4KB - Virtual size: 4KB