10a34640fba05520712254b9b9405be0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

10a34640fba05520712254b9b9405be0_JaffaCakes118
Size

367KB
MD5

10a34640fba05520712254b9b9405be0
SHA1

4312126f7c95d384c0dd82e23565090563274a39
SHA256

9c99458e7cca21da41178cdff64715ced87e03fe61e33182854e4b0438b3b1f9
SHA512

cea4500db17d80b5acee020197246b8188dbee320116e95639617fe4fce8290abef281d492f4f097aa7a014263ffbe521505cba1618ddf031c310bca42e117c9
SSDEEP

6144:hw5nKlNFAmzKpQl/nTWrCPPsD8xJpzPNXtSlpL+pyxmjO+moBAZXUBgGnLU:OuDAmRLWrxD8xDzPNdSlpL+ywjrmQAZR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
10a34640fba05520712254b9b9405be0_JaffaCakes118

Files

10a34640fba05520712254b9b9405be0_JaffaCakes118
.exe windows:6 windows x86 arch:x86

7b4a0a937edcb6376c28bc3eb3d1e939

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\xampp\htdocs\Builder\b874bcdb5820f65e69b0a8db9e8d6f42\Release\Project1.pdb

Imports

winmm

DrvGetModuleHandle
joyConfigChanged
joyGetDevCapsA
mci32Message
midiInGetNumDevs
midiOutGetErrorTextA
midiStreamClose
midiStreamOpen
mixerGetNumDevs
mmioStringToFOURCCW
timeGetSystemTime
waveInGetID
waveOutGetNumDevs
waveOutGetVolume
waveOutWrite
wid32Message

ws2_32

WSAAddressToStringW
WSAAsyncSelect
WSADuplicateSocketA
WSAEnumNetworkEvents
WSAGetServiceClassNameByClassIdW
WSAIsBlocking
WSANtohl
WSASocketA
WSASocketW
WSAStringToAddressW
WSCDeinstallProvider
WSCInstallNameSpace
__WSAFDIsSet
accept
getprotobynumber
getservbyname
getservbyport
getsockname
getsockopt
inet_ntoa
ntohs
recvfrom

crypt32

CertAddCTLContextToStore
CertAddCertificateContextToStore
CertAddEncodedCRLToStore
CertAddEncodedCertificateToSystemStoreW
CertCreateCRLContext
CertDuplicateCRLContext
CertEnumCTLContextProperties
CertFindCTLInStore
CertFindExtension
CertFreeCertificateContext
CertGetCRLFromStore
CertGetIntendedKeyUsage
CertVerifySubjectCertificateContext
CryptDecodeObject
CryptMsgCountersignEncoded
CryptMsgOpenToDecode
CryptMsgVerifyCountersignatureEncoded
CryptSignAndEncodeCertificate
CryptSignMessageWithKey

msi

ord24
ord164
ord165
ord169
ord35
ord42
ord43
ord59
ord67
ord70
ord77
ord86
ord91
ord94
ord96
ord98
ord119
ord122
ord126
ord132
ord133

avifil32

AVIBuildFilter
AVIFileAddRef
AVIFileCreateStreamA
AVIFileEndRecord
AVIFileGetStream
AVIFileInfoW
AVIFileOpenW
AVIFileRelease
AVISaveA
AVIStreamEndStreaming
AVIStreamGetFrame
AVIStreamLength
AVIStreamReadFormat
EditStreamCopy
IID_IAVIFile

msvfw32

DrawDibClose
DrawDibOpen
DrawDibStart
GetOpenFileNamePreviewA
ICClose
ICDrawBegin

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

kernel32

CloseHandle
CompareStringW
CreateFileW
CreateThread
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeFormatW
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b4a0a937edcb6376c28bc3eb3d1e939

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

ws2_32

crypt32

msi

avifil32

msvfw32

avicap32

kernel32

Sections

.text Size: 193KB - Virtual size: 192KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 3KB - Virtual size: 7KB

.00cfg Size: 512B - Virtual size: 4B

.gfids Size: 512B - Virtual size: 416B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 193KB - Virtual size: 192KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 3KB - Virtual size: 7KB

.00cfg
Size: 512B - Virtual size: 4B

.gfids
Size: 512B - Virtual size: 416B

.rsrc
Size: 1KB - Virtual size: 1KB