3aabd57528b0fb7f152c79c281d57956_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3aabd57528b0fb7f152c79c281d57956_JaffaCakes118
Size

3.0MB
MD5

3aabd57528b0fb7f152c79c281d57956
SHA1

273a91e7c1aef411767490cec253770d1eac0f90
SHA256

cf0ae657aced34669542494afc5fe8f98e653095c8428ba10162bedeb1ae629f
SHA512

55037feb79364d8b3cc914a69b2a0363a9d8830413a28eedcb35301bb82d4ce023d719f1459dd72c7acab6f0cec3265327ce7b2674a165f4bf900040ee3011c9
SSDEEP

49152:BLONd184nAn6no7RgOPyBT/CHukt5AT+qPieQTC5VwZ4NTCU:BoXzO8jCH9to5Vw2Nm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3aabd57528b0fb7f152c79c281d57956_JaffaCakes118

Files

3aabd57528b0fb7f152c79c281d57956_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6c72f19216b79395447868771bf2d6b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyA
GetUserNameA
RegCloseKey
RegQueryValueExA

ddraw

DirectDrawCreateEx

dinput8

DirectInput8Create

gdi32

CreateFontIndirectA
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
SetBkMode
SetBkColor
SetTextColor
GetStockObject
CreateCompatibleDC

kernel32

GetTickCount
GetProcAddress
InitializeCriticalSection
Sleep
IsProcessorFeaturePresent
UnmapViewOfFile
GetModuleHandleA
lstrlen
CreateFileW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentDirectoryA
GetFullPathNameA
FlushFileBuffers
GetSystemTimeAsFileTime
LockResource
GetEnvironmentStringsW
DeleteCriticalSection
DeleteFileA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
GetPrivateProfileStringA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
CreateThread
CloseHandle
GetExitCodeThread
ReleaseMutex
SetFileAttributesA
OpenProcess
GetCurrentProcessId
CreateFileA
GetCurrentThreadId
GetLocalTime
GetDiskFreeSpaceExA
GetDriveTypeA
GetVolumeInformationA
GetLogicalDrives
GlobalMemoryStatus
GetComputerNameA
GetVersionExA
SetUnhandledExceptionFilter
SetErrorMode
CreateMutexA
OpenMutexA
InterlockedDecrement
LoadLibraryA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GetCPInfoExA
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetModuleFileNameA
GetTempPathA
RemoveDirectoryA
FindClose
GetLastError
FindFirstFileA
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapFree
GetCommandLineA
GetStartupInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapReAlloc
HeapAlloc
CreateDirectoryA
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetModuleHandleW
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
VirtualFree

oleaut32

VariantClear
SysFreeString
SysAllocString

shell32

SHGetSpecialFolderPathA
ShellExecuteA

user32

ScreenToClient
GetCursorPos
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExA
SetWindowTextW
SetCursorPos
GetKeyState
DrawTextW
DrawTextA
GetKeyboardLayoutNameA
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadIconA
RegisterClassExA
CreateWindowExA
GetClientRect
SetWindowLongA
SetWindowPos
UpdateWindow
EnumDisplaySettingsA
AdjustWindowRect
OffsetRect
GetDC
FindWindowA
SystemParametersInfoA
PeekMessageA
GetMessageA
ClientToScreen
SendMessageA
GetDoubleClickTime
SetForegroundWindow
LoadCursorA
SetCursor
PostQuitMessage
DefWindowProcA
UnregisterClassA
DestroyWindow
MessageBoxA
ShowWindow
DispatchMessageA
TranslateMessage

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

d3d8

Direct3DCreate8

dbghelp

MiniDumpWriteDump

fmodex

?setVolume@SoundGroup@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?getMasterSoundGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVSoundGroup@2@@Z
?getVolume@SoundGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?getMasterChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?getPaused@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?release@DSP@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getMute@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?getVolume@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?getPitch@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAM@Z
?isPlaying@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?update@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?setPaused@Channel@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getPaused@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setMute@Channel@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?getMute@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PA_N@Z
?setPan@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setVolume@Channel@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setMute@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?init@System@FMOD@@QAG?AW4FMOD_RESULT@@HIPAX@Z
?stop@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?release@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@XZ
FMOD_System_Create
?stop@Channel@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?getVersion@System@FMOD@@QAG?AW4FMOD_RESULT@@PAI@Z
?setPriority@Channel@FMOD@@QAG?AW4FMOD_RESULT@@H@Z
?setPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@II@Z
?getPosition@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?getLength@Sound@FMOD@@QAG?AW4FMOD_RESULT@@PAII@Z
?addGroup@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAV12@@Z
?createChannelGroup@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDPAPAVChannelGroup@2@@Z
?createStream@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?getMaxAudible@SoundGroup@FMOD@@QAG?AW4FMOD_RESULT@@PAH@Z
?setChannelGroup@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAVChannelGroup@2@@Z
?getName@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@PADH@Z
?getChannelGroup@Channel@FMOD@@QAG?AW4FMOD_RESULT@@PAPAVChannelGroup@2@@Z
?setMode@Channel@FMOD@@QAG?AW4FMOD_RESULT@@I@Z
?setOutput@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_OUTPUTTYPE@@@Z
?close@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?release@System@FMOD@@QAG?AW4FMOD_RESULT@@XZ
?playSound@System@FMOD@@QAG?AW4FMOD_RESULT@@W4FMOD_CHANNELINDEX@@PAVSound@2@_NPAPAVChannel@2@@Z
?createSound@System@FMOD@@QAG?AW4FMOD_RESULT@@PBDIPAUFMOD_CREATESOUNDEXINFO@@PAPAVSound@2@@Z
?setPitch@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@M@Z
?setPaused@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@_N@Z
?setVolume@ChannelGroup@FMOD@@QAG?AW4FMOD_RESULT@@M@Z

ole32

CoCreateInstance

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 288KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.TEDATA
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6c72f19216b79395447868771bf2d6b6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ddraw

dinput8

gdi32

kernel32

oleaut32

shell32

user32

winmm

d3d8

dbghelp

fmodex

ole32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 288KB - Virtual size: 292KB

.data Size: 99KB - Virtual size: 180KB

.data1 Size: 2KB - Virtual size: 4.1MB

.rsrc Size: 404KB - Virtual size: 404KB

.TEDATA Size: 12KB - Virtual size: 12KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 288KB - Virtual size: 292KB

.data
Size: 99KB - Virtual size: 180KB

.data1
Size: 2KB - Virtual size: 4.1MB

.rsrc
Size: 404KB - Virtual size: 404KB

.TEDATA
Size: 12KB - Virtual size: 12KB