18fede7bb7c6fe923e37b9808a1db6a8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

18fede7bb7c6fe923e37b9808a1db6a8_JaffaCakes118
Size

182KB
MD5

18fede7bb7c6fe923e37b9808a1db6a8
SHA1

1432101e64a015cf70a0ad0f68f14de97fb27b19
SHA256

c1be17ddc85faaa4c5df31fd7a251a2e362d30b4c359aad0426b75c0c25e5f1f
SHA512

e016e2c8c3f81bef8d58aa4d2d574748dc2a7aa8a25775d5ca621d21ae8eeaf4f526f3e775be263a9195a1d31a4761b3d4d080dbae4f0258f2fcb9c895324292
SSDEEP

3072:Zh2HMAKIFDhSw5qTKt9cCWFL17TkTzdxSP965s6xLPY/P17SB7p7z+vShqXHVrG6:ZAHMHpH6m3TkP/SP9axk/PpSBQvSQFqj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18fede7bb7c6fe923e37b9808a1db6a8_JaffaCakes118

Files

18fede7bb7c6fe923e37b9808a1db6a8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

32e76f18f6efc8611b24a36efb43be5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StringFromGUID2
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoInitialize

gdi32

CreateBitmap
SelectObject
BitBlt
DeleteDC
CreateCompatibleBitmap
StretchBlt
SetBrushOrgEx
SetBkColor
CreateCompatibleDC
CreateSolidBrush
GetObjectType
GetObjectW
CreateDCW
CreateDIBSection
GetDIBits
DeleteObject
SetStretchBltMode

winmm

timeGetTime

kernel32

GetProcAddress
lstrlenW
lstrlenA
RemoveDirectoryW
ReleaseMutex
WaitForMultipleObjects
DeleteFileA
DeleteCriticalSection
DeleteFileW
GetLastError
GetVersionExA
SetFileAttributesW
GetModuleFileNameW
SetFileAttributesA
GetSystemTime
MultiByteToWideChar
InterlockedExchange
FreeLibrary
GetPriorityClass
GetTempPathW
CopyFileA
GetTickCount
CreateDirectoryA
QueryPerformanceCounter
CreateDirectoryW
ReadFile
LocalFree
GetThreadLocale
EnterCriticalSection
MulDiv
CloseHandle
GetLocaleInfoA
EnumResourceTypesW
InterlockedDecrement
OutputDebugStringA
OutputDebugStringW
InitializeCriticalSection
CreateFileA
LoadLibraryW
GetVersionExW
WaitForSingleObject
GetCurrentProcessId
DisableThreadLibraryCalls
FindNextFileW
FindFirstFileW
GetTempPathA
ExitProcess
LocalAlloc
FindClose
GetCurrentThreadId
GetTempFileNameA
WideCharToMultiByte
GetFileAttributesA
GetACP
InterlockedIncrement
CreateMutexA
GetModuleFileNameA
SetFilePointer
WriteFile
Sleep
LeaveCriticalSection
GetTempFileNameW
GetSystemTimeAsFileTime

user32

ReleaseDC
GetDC
OffsetRect
SetRectEmpty
CopyRect
FillRect
TranslateMessage
PeekMessageW
IsRectEmpty
GetClientRect
wsprintfW
DispatchMessageW
GetWindowRect

shell32

SHGetSpecialFolderPathA

avifil32

AVISaveOptions
AVIMakeCompressedStream

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegSetValueExW
RegQueryValueExW
RegCreateKeyExA
RegDeleteKeyW
RegSetValueW
RegCreateKeyW
RegDeleteKeyA

shlwapi

PathIsDirectoryW
PathCombineW
PathAppendW
PathFileExistsW
PathAddBackslashW
PathFileExistsA
PathRemoveBackslashW
PathRenameExtensionW
PathRemoveFileSpecW

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32e76f18f6efc8611b24a36efb43be5c

Headers

File Characteristics

Imports

ole32

gdi32

winmm

kernel32

user32

shell32

avifil32

advapi32

shlwapi

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 69KB - Virtual size: 69KB

.tls Size: 1024B - Virtual size: 124KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 69KB - Virtual size: 69KB

.tls
Size: 1024B - Virtual size: 124KB