37bf61110de679f1d173f6c9a659cb14_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37bf61110de679f1d173f6c9a659cb14_JaffaCakes118
Size

680KB
MD5

37bf61110de679f1d173f6c9a659cb14
SHA1

972b02ace9e7ce976862e63734e1d73adea810d2
SHA256

d6ed0d8293f42ccdf47a5c1e45ccc01067f4292cb71fcac419e3e415071e8150
SHA512

9fd3b26108c671b02e76235fcad84dd095778e52292160573f98c8f5c5779187952eef527abb8af89aea1ecd5e3195d38ce7ffb7df3a0bd211806bb64e3dc802
SSDEEP

12288:2byA8Qy/CPeo6veNM4bBu8fQe/dDc2xcublo6b:2WA8Qy/WC4MT8Hpb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37bf61110de679f1d173f6c9a659cb14_JaffaCakes118

Files

37bf61110de679f1d173f6c9a659cb14_JaffaCakes118
.exe windows:4 windows x86 arch:x86

964f3fccabf47a8f79aa1ff8abc988dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ddraw

DirectDrawEnumerateA
DirectDrawCreate

dsound

DirectSoundCreate

gdi32

DeleteObject
GetObjectA
CreateCompatibleDC
GetDIBColorTable
DeleteDC
CreateFontA
BitBlt
GetStockObject
SetBkMode
SelectObject
SetTextColor
TextOutA

kernel32

GetCPInfo
HeapSize
GetStartupInfoA
WriteFile
RaiseException
GetModuleHandleA
HeapFree
DeleteFileA
HeapAlloc
RtlUnwind
FlushFileBuffers
GetDriveTypeA
Sleep
TerminateThread
GetTickCount
SetThreadPriority
CreateThread
SetEndOfFile
LoadLibraryA
GetOEMCP
MultiByteToWideChar
CreateFileA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetProcAddress
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
WideCharToMultiByte
SetUnhandledExceptionFilter
GetCommandLineA
GetLastError
ReadFile
IsBadWritePtr
HeapReAlloc
GetACP
GetVersion
VirtualAlloc
GetVolumeInformationA
VirtualFree
HeapCreate
GetStringTypeW
ExitProcess
HeapDestroy
SetFilePointer
GetCurrentProcess
TerminateProcess
CloseHandle
GetStringTypeA
GetStringTypeA

user32

PostQuitMessage
ShowCursor
DefWindowProcA
ShowWindow
DestroyWindow
BeginPaint
DispatchMessageA
GetMessageA
MessageBoxA
EndPaint
PeekMessageA
UpdateWindow
RegisterClassA
CreateWindowExA
GetSystemMetrics
SetCursorPos
GetCursorPos
LoadIconA
LoadImageA
PostMessageA
LoadCursorA

winmm

mixerGetDevCapsA
mixerOpen
joyGetDevCapsA
joyReleaseCapture
joyGetPosEx
joySetCapture
waveOutGetDevCapsA
waveOutGetNumDevs
timeGetTime
auxGetNumDevs
mixerGetNumDevs
mixerGetLineControlsA
mciSendCommandA
auxGetDevCapsA
mixerGetLineInfoA
mixerSetControlDetails
mixerClose

wsock32

getsockname
WSAStartup
ntohs
socket
htons
ioctlsocket
sendto
closesocket
WSAGetLastError
gethostbyname
inet_addr
recvfrom
gethostname
bind
WSACleanup

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Sections

tomcraft
Size: 648KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tomcraft
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tomcraft
Size: 3KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nkh
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

964f3fccabf47a8f79aa1ff8abc988dd

Headers

File Characteristics

Imports

ddraw

dsound

gdi32

kernel32

user32

winmm

wsock32

ole32

Sections

tomcraft Size: 648KB - Virtual size: 1.4MB

tomcraft Size: 4KB - Virtual size: 4KB

tomcraft Size: 3KB - Virtual size: 24KB

.nkh Size: 19KB - Virtual size: 20KB

tomcraft
Size: 648KB - Virtual size: 1.4MB

tomcraft
Size: 4KB - Virtual size: 4KB

tomcraft
Size: 3KB - Virtual size: 24KB

.nkh
Size: 19KB - Virtual size: 20KB