15434c4f9a19577473cbd91bf2708034_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15434c4f9a19577473cbd91bf2708034_JaffaCakes118
Size

175KB
MD5

15434c4f9a19577473cbd91bf2708034
SHA1

9dcc5a5aa1702197fcddcc83b14c1fcf1cecc63c
SHA256

413b02cdb3c3761aac1e48ff2ec39c6a17f53a0a3aa31ae89c217564354b8372
SHA512

47c860e5e361983e5341ce9ae05de9b7dd96432e1754d9da25b2dda6e18dc8c966878e09513847b9ce16ec6a9e6ca112e0403d9584e38ec12cc22d602d8e693e
SSDEEP

3072:VN8vtN1h57cvgYKkufQNS9nkt2wrGa8BkzBkJySi5nD+KfTayLCk:EtN1r7agYhuf2SSYwGa8oBvS0duyx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15434c4f9a19577473cbd91bf2708034_JaffaCakes118

Files

15434c4f9a19577473cbd91bf2708034_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3b7d320848269c102418544af8c7db9c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueW
RegSetValueExW
RegDeleteKeyW

kernel32

GetThreadLocale
DisableThreadLibraryCalls
GetModuleHandleW
lstrlenA
WaitForMultipleObjectsEx
GetCurrentProcessId
GlobalAlloc
LeaveCriticalSection
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
FindClose
FindFirstChangeNotificationW
MulDiv
lstrlenW
lstrcpynW
FindNextChangeNotification
InterlockedIncrement
GetProcessId
CreateThread
GetDriveTypeW
DeleteCriticalSection
FileTimeToSystemTime
FindFirstFileW
InterlockedDecrement
GlobalLock
CloseHandle
InitializeCriticalSection
EnterCriticalSection
GetFullPathNameW
EnumResourceTypesW
MultiByteToWideChar
QueryPerformanceCounter
GlobalUnlock
FileTimeToLocalFileTime
FindCloseChangeNotification
WideCharToMultiByte
GetSystemTimeAsFileTime
GetACP
GlobalReAlloc
ExitProcess
InterlockedExchange
GetLocaleInfoA
GetLastError
GetModuleFileNameA
GetVersionExW
GetTickCount
FreeLibrary
Sleep
GetProcAddress
GetCurrentThreadId
GetVersionExA

shell32

DragQueryFileW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoW

ole32

StringFromGUID2
OleInitialize
OleUninitialize
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoInitialize

avifil32

AVISaveOptions
AVIMakeCompressedStream

user32

GetWindowLongW
IsWindowVisible
LoadImageW
GetDesktopWindow
SetTimer
SetWindowLongW
DestroyMenu
EnableWindow
ReleaseCapture
UnionRect
EqualRect
ShowScrollBar
KillTimer
DrawTextW
GetCursorPos
GetParent
GetSysColorBrush
TrackPopupMenuEx
OffsetRect
GetActiveWindow
GetSystemMetrics
IsWindow
SetCapture
ReleaseDC
IntersectRect
GetWindowRect
GetSysColor
GetDC
CopyRect
FindWindowExW
SetRectEmpty
SetFocus
SetForegroundWindow
PtInRect
InflateRect
PostMessageW
FrameRect
IsRectEmpty
LoadCursorW
ClientToScreen
DrawFocusRect
SetCursor
GetClientRect
FillRect
BringWindowToTop
ScreenToClient
DefWindowProcW
CreatePopupMenu
SetRect
wsprintfW
UpdateWindow
SendMessageW
InvalidateRect

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b7d320848269c102418544af8c7db9c

Headers

File Characteristics

Imports

advapi32

kernel32

shell32

ole32

avifil32

user32

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 67KB - Virtual size: 67KB

.tls Size: 1024B - Virtual size: 380KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 67KB - Virtual size: 67KB

.tls
Size: 1024B - Virtual size: 380KB