39c3aa6931cefe9b058b92b554c80911_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

39c3aa6931cefe9b058b92b554c80911_JaffaCakes118
Size

177KB
MD5

39c3aa6931cefe9b058b92b554c80911
SHA1

cd1eb982e308c2d7b550ad90c37d86eb12a9b011
SHA256

5c017f5c89f80452d18b7f8bad3bbf1e97335a46e14583bd2463b2405238e469
SHA512

8c0c73c062710de63597af3187cf48ef9b020065219622877323110a83035cc015665b1af016db9e9bae197d24410eb47c86cb7dbe79a4a8367641eadba23772
SSDEEP

3072:JT+I7r/REe/0AGmc2ESLzMKvCARqxdCoFFP1puvl/xG0F0JiiiWQIJ:JTBD/bqSLIKRUdCoFV1szG0CJi2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39c3aa6931cefe9b058b92b554c80911_JaffaCakes118

Files

39c3aa6931cefe9b058b92b554c80911_JaffaCakes118
.exe windows:4 windows x86 arch:x86

62896d557d17989ecec247d1ef894867

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegCreateKeyW
RegQueryValueExW
RegSetValueW
RegQueryValueExA
RegSetValueExW
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyA

winmm

timeGetTime

gdi32

CreateDIBSection
CreateBitmap
SelectObject
SetBkColor
GetObjectType
DeleteObject
BitBlt
CreateDCW
SetBrushOrgEx
GetDIBits
GetObjectW
DeleteDC
StretchBlt
CreateCompatibleDC
CreateSolidBrush
CreateCompatibleBitmap
SetStretchBltMode

avifil32

AVISaveOptions
AVIMakeCompressedStream

user32

CopyRect
PeekMessageW
SetRectEmpty
IsRectEmpty
GetDC
DispatchMessageW
FillRect
wsprintfW
TranslateMessage
OffsetRect
GetClientRect
ReleaseDC
GetWindowRect

ole32

CoUninitialize
CoCreateInstance
StringFromGUID2
CoFreeUnusedLibraries
CoInitialize

shlwapi

PathIsDirectoryW
PathCombineW
PathFileExistsW
PathAddBackslashW
PathAppendW
PathRemoveBackslashW
PathFileExistsA
PathRenameExtensionW
PathRemoveFileSpecW

kernel32

GetVersionExA
ReadFile
FindClose
SetFileAttributesA
DisableThreadLibraryCalls
RemoveDirectoryW
WriteFile
GetTempFileNameW
WaitForMultipleObjects
CloseHandle
DeleteFileA
DeleteFileW
GetModuleFileNameW
GetACP
GetTickCount
CreateMutexA
GetModuleFileNameA
GetProcessPriorityBoost
FindNextFileW
SetFilePointer
LoadLibraryW
LocalAlloc
GetVersionExW
CreateDirectoryW
SetFileAttributesW
MulDiv
GetLastError
GetLocaleInfoA
GetCurrentThreadId
InterlockedDecrement
CreateFileA
ReleaseMutex
GetProcAddress
GetCurrentProcessId
DeleteCriticalSection
InterlockedExchange
EnumResourceTypesW
InitializeCriticalSection
QueryPerformanceCounter
GetThreadLocale
WideCharToMultiByte
FreeLibrary
EnterCriticalSection
GetTempPathA
lstrlenW
OutputDebugStringW
OutputDebugStringA
ExitProcess
InterlockedIncrement
LocalFree
GetTempPathW
LeaveCriticalSection
GetTempFileNameA
GetFileAttributesA
FindFirstFileW
WaitForSingleObject
GetSystemTime
lstrlenA
CreateDirectoryA
CopyFileA
Sleep
MultiByteToWideChar
GetSystemTimeAsFileTime

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62896d557d17989ecec247d1ef894867

Headers

File Characteristics

Imports

advapi32

winmm

gdi32

avifil32

user32

ole32

shlwapi

kernel32

shell32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 71KB - Virtual size: 70KB

.tls Size: 1024B - Virtual size: 248KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 71KB - Virtual size: 70KB

.tls
Size: 1024B - Virtual size: 248KB