3983ee59c017eabc494a05adcabe157d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3983ee59c017eabc494a05adcabe157d_JaffaCakes118
Size

573KB
MD5

3983ee59c017eabc494a05adcabe157d
SHA1

af878d565a31dac987ab3d13d5973ea61f532944
SHA256

5091b0f2a73f54f6064b6e2cd2e81cd5b5bf652b47b508bcdd9bc47a9ec1d89e
SHA512

b23b70650b9f7def528eb020b77fc48798dfad62523f5e4ee9d77f508626c332b18c315fbb8dbaef1e9da3edb6dd275d565761369692bb196b0de1ed6663c38a
SSDEEP

12288:3oPNWqRnFZhugCWT5cCzElGNb5mwwNrViRqlrrt:3FSnFZ1Ty/cxM4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3983ee59c017eabc494a05adcabe157d_JaffaCakes118

Files

3983ee59c017eabc494a05adcabe157d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4bf947625dedc9fb3c5a105db244cd11

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

mixerGetNumDevs
mixerGetLineControlsA
mixerGetControlDetailsW
midiStreamPosition
midiOutShortMsg
midiOutOpen
midiOutLongMsg
midiOutGetID

user32

SendMessageA
DestroyCursor
DrawStateA
PostMessageA
ShowCaret
UpdateWindow
CreateCursor

version

GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerQueryValueA
GetFileVersionInfoA

ntdll

RtlSetTimer
RtlTimeToElapsedTimeFields
RtlUnicodeToMultiByteN
RtlValidSecurityDescriptor
RtlSetSecurityDescriptorRMControl
RtlpUnWaitCriticalSection
VerSetConditionMask
ZwFlushWriteBuffer
ZwGetWriteWatch
RtlOpenCurrentUser
RtlNtStatusToDosError
RtlDestroyAtomTable
RtlEraseUnicodeString
RtlEnterCriticalSection
RtlConvertToAutoInheritSecurityObject
RtlCharToInteger
RtlApplyRXactNoFlush
RtlAppendUnicodeStringToString
RtlAllocateHandle
RtlAcquirePebLock
NtUnlockFile
NtSetThreadExecutionState
NtSetEvent
NtReadFileScatter
NtQueryIntervalProfile
NtIsSystemResumeAutomatic
NtGetDevicePowerState
NtCreateSymbolicLinkObject
NtCreateFile
NtCreateEvent
LdrFlushAlternateResourceModules
CsrAllocateCaptureBuffer
RtlDosSearchPath_U

comdlg32

GetOpenFileNameW
PageSetupDlgA
LoadAlterBitmap
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleW
FindTextA
ChooseFontA

kernel32

GlobalUnlock
ClearCommError
CreateFileMappingW
CreateJobObjectA
DeleteFileA
EnumResourceTypesA
lstrcatA
WritePrivateProfileSectionW
WaitCommEvent
VirtualProtect
VerLanguageNameA
SetThreadPriorityBoost
SetLastError
SetHandleInformation
SetFileTime
SetEnvironmentVariableW
SetCalendarInfoW
ReleaseSemaphore
QueryPerformanceCounter
OpenWaitableTimerW
MoveFileExW
IsSystemResumeAutomatic
IsProcessorFeaturePresent
IsBadStringPtrA
HeapAlloc
Heap32ListFirst
GlobalSize
GetTickCount
GetThreadPriority
GetThreadLocale
GetThreadContext
GetProfileSectionA
GetProcAddress
GetMailslotInfo
GetFileSize
GetDiskFreeSpaceExA
GetCommandLineA
ExitProcess
CancelIo

setupapi

CM_Query_Resource_Conflict_List
CM_Set_Class_Registry_PropertyA
SetupDiDestroyClassImageList
CM_Get_Version
CM_Free_Res_Des_Ex

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 465KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bf947625dedc9fb3c5a105db244cd11

Headers

File Characteristics

Imports

winmm

user32

version

ntdll

comdlg32

kernel32

setupapi

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 465KB - Virtual size: 467KB

.rsrc Size: 48KB - Virtual size: 47KB

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 465KB - Virtual size: 467KB

.rsrc
Size: 48KB - Virtual size: 47KB