Static task: static1
Behavioral task: behavioral1
Sample: 4368563f58491a5d6d9dd58fb0cc5912_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 4368563f58491a5d6d9dd58fb0cc5912_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4368563f58491a5d6d9dd58fb0cc5912_JaffaCakes118
Size: 164KB
MD5: 4368563f58491a5d6d9dd58fb0cc5912
SHA1: e174fc8f5ba69a194d893658ee9c7efcb965a7c3
SHA256: 1a4e84ac8ee4d6c10463f62efbb65b1a0681009e878dc5804f5ab04998d0da79
SHA512: c44f296a3d02c5b2f5ad9749951e24308b70728d881c5be89783b88820d46bb5cfc08a1fc0c084e9f3e8e4196f6ff4a303864b7f5a7133c06559c287012eca75
SSDEEP: 3072:4W58AwJtdx2LFo75hXbVonqyZCT0S7/kSQxB8juRzbwF5OrmHcQgprT:hO3MFg5hqn0T0S7k3fNzbA55c5r
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4368563f58491a5d6d9dd58fb0cc5912_JaffaCakes118
Files
4368563f58491a5d6d9dd58fb0cc5912_JaffaCakes118.exe windows:4 windows x86 arch:x86
2527a816e83765028f5df686476252ee
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
avifil32
AVISaveOptions
AVIMakeCompressedStream
user32
IsRectEmpty
OffsetRect
ReleaseDC
TranslateMessage
wsprintfW
CopyRect
FillRect
GetClientRect
SetRectEmpty
GetDC
DispatchMessageW
PeekMessageW
GetWindowRect
winmm
timeGetTime
ole32
StringFromGUID2
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
shell32
SHGetSpecialFolderPathA
shlwapi
PathRemoveBackslashW
PathCombineW
PathAddBackslashW
PathFileExistsA
PathRenameExtensionW
PathIsDirectoryW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
gdi32
SetBkColor
DeleteObject
CreateDCW
GetDIBits
DeleteDC
BitBlt
CreateDIBSection
SetBrushOrgEx
CreateBitmap
SelectObject
GetObjectType
CreateCompatibleBitmap
GetObjectW
CreateSolidBrush
StretchBlt
CreateCompatibleDC
SetStretchBltMode
advapi32
RegSetValueW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegCreateKeyW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteKeyA
kernel32
CreateDirectoryA
DisableThreadLibraryCalls
WaitForMultipleObjects
GetModuleFileNameA
GetTickCount
lstrlenA
GetVersionExW
OutputDebugStringA
CreateFileA
GetSystemTime
DeleteFileA
WideCharToMultiByte
FindClose
DeleteFileW
GetProcessPriorityBoost
FindFirstFileW
FindNextFileW
GetLocaleInfoA
SetFileAttributesW
CloseHandle
QueryPerformanceCounter
InitializeCriticalSection
WriteFile
GetProcAddress
LoadLibraryW
LeaveCriticalSection
LocalAlloc
SetFilePointer
FreeLibrary
GetTempPathW
EnumResourceTypesW
MulDiv
GetVersionExA
WaitForSingleObject
DeleteCriticalSection
GetCurrentProcessId
GetLastError
CreateMutexA
GetTempFileNameA
SetFileAttributesA
OutputDebugStringW
ExitProcess
GetTempFileNameW
LocalFree
InterlockedDecrement
CreateDirectoryW
EnterCriticalSection
ReleaseMutex
ReadFile
InterlockedIncrement
GetACP
Sleep
RemoveDirectoryW
lstrlenW
GetFileAttributesA
CopyFileA
GetCurrentThreadId
InterlockedExchange
MultiByteToWideChar
GetModuleFileNameW
GetThreadLocale
GetTempPathA
GetSystemTimeAsFileTime
Sections
.text Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ