3b1068747c69a9f8aa17efa09b912372_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b1068747c69a9f8aa17efa09b912372_JaffaCakes118
Size

166KB
MD5

3b1068747c69a9f8aa17efa09b912372
SHA1

d7458207a0c289e9f767d9047bc5c2a76cd1f002
SHA256

95eb47c9f0b93f789378fda0dff3ba53ab067ece5b802ac395b8bf7b79b5ff58
SHA512

30ead656015cacfb5a3048046f92c1fd3551e596ed94e8c9658bcceba90bee7434ea495f9412d234d36964b9c76f886a5561515302d3e3fff25e844a8403874b
SSDEEP

3072:FBJQ6tnICMWQpooA8ooTjyCw6/2v8C1FcpVJoUQilLV4r:bJTICMDM8dyCw6k8qSproUQqV4r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b1068747c69a9f8aa17efa09b912372_JaffaCakes118

Files

3b1068747c69a9f8aa17efa09b912372_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d24d1c917dc479e0498822ec525ced5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyW
RegCloseKey
RegOpenKeyExW
RegSetValueW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW

user32

GetSysColorBrush
ReleaseDC
GetSysColor
CreatePopupMenu
SetWindowLongW
IsWindow
ClientToScreen
GetActiveWindow
LoadCursorW
BringWindowToTop
GetClientRect
GetDC
GetParent
CopyRect
DrawTextW
PostMessageW
InflateRect
ReleaseCapture
SetForegroundWindow
FindWindowExW
OffsetRect
GetWindowRect
IsRectEmpty
ShowScrollBar
SetCapture
GetWindowLongW
FillRect
DrawFocusRect
TrackPopupMenuEx
DestroyMenu
GetSystemMetrics
ScreenToClient
IntersectRect
SetTimer
wsprintfW
LoadImageW
DefWindowProcW
SetRect
PtInRect
SendMessageW
SetRectEmpty
EnableWindow
SetCursor
GetDesktopWindow
SetFocus
UnionRect
UpdateWindow
IsWindowVisible
GetCursorPos
FrameRect
EqualRect
KillTimer
InvalidateRect

avifil32

AVISaveOptions
AVIMakeCompressedStream

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
DragQueryFileW
SHGetSpecialFolderLocation
SHGetFileInfoW

ole32

CoCreateInstance
CoFreeUnusedLibraries
OleInitialize
StringFromGUID2
OleUninitialize
CoUninitialize
CoInitialize

kernel32

LeaveCriticalSection
GetLocaleInfoA
GetLastError
InterlockedExchange
GetTickCount
GetDriveTypeW
lstrlenA
ReplaceFileW
GetThreadLocale
FileTimeToLocalFileTime
FreeLibrary
FindFirstFileW
GetFullPathNameW
WaitForSingleObject
GetVersionExW
ResetEvent
lstrlenW
DisableThreadLibraryCalls
lstrcpynW
FindFirstChangeNotificationW
GetProcessId
InterlockedIncrement
SetEvent
QueryPerformanceCounter
GetCurrentThreadId
GlobalLock
EnumResourceTypesA
EnterCriticalSection
GetModuleHandleW
DeleteCriticalSection
FindNextChangeNotification
CreateEventW
GetSystemTimeAsFileTime
FindClose
WideCharToMultiByte
GlobalReAlloc
FindCloseChangeNotification
ExitProcess
MulDiv
FileTimeToSystemTime
GlobalAlloc
GetProcAddress
GetModuleFileNameA
GetCurrentProcessId
Sleep
InitializeCriticalSection
CreateThread
GetACP
CloseHandle
GlobalUnlock
MultiByteToWideChar
InterlockedDecrement
GetVersionExA

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d24d1c917dc479e0498822ec525ced5a

Headers

File Characteristics

Imports

advapi32

user32

avifil32

shell32

ole32

kernel32

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 64KB - Virtual size: 64KB

.tls Size: 1024B - Virtual size: 100KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 64KB - Virtual size: 64KB

.tls
Size: 1024B - Virtual size: 100KB