4930d41c4a935a0dcc04ead6b4250c28_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4930d41c4a935a0dcc04ead6b4250c28_JaffaCakes118
Size

288KB
MD5

4930d41c4a935a0dcc04ead6b4250c28
SHA1

00b7fba90a289768b3859402d8dc9f04d0350771
SHA256

5eb36979e896cf7531de0e6ed668d59ee0a84a43e8f23d1dcf002d6746c686fc
SHA512

57692fadd166dcbfc8982be624a76e879945bcd618a854babed3f76ea6339bacea568d751955b08f952ebbce4984298e69af2227cb0bbcb8e733182fbba66c1a
SSDEEP

6144:/ODJ1Ljo0TEZO5gWW7di0gBmdSbbtbTGgf9R0Qg5hHo8+1n:/o/oOEcgWWRgBmEH/yy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4930d41c4a935a0dcc04ead6b4250c28_JaffaCakes118

Files

4930d41c4a935a0dcc04ead6b4250c28_JaffaCakes118
.exe windows:4 windows x64 arch:x64

3af387c30a742722526fb01c3d317c95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\devel\projects\bink\build\binkpl64.pdb

Imports

user32

GetSystemMetrics
LoadIconA
SystemParametersInfoA
DestroyWindow
EndPaint
SetWindowTextA
InvalidateRect
MessageBoxA
LoadStringA
ShowWindow
TranslateMessage
DispatchMessageA
ChangeDisplaySettingsA
GetWindowLongA
GetActiveWindow
GetWindowThreadProcessId
GetWindow
GetWindowLongPtrA
GetTopWindow
ShowCursor
ClientToScreen
UnregisterClassA
SetCursor
ScreenToClient
IsIconic
GetCursorPos
IsWindowVisible
CreateWindowExA
GetClassLongPtrA
PeekMessageA
ReleaseDC
UpdateWindow
wsprintfA
GetWindowRect
GetClientRect
LoadCursorA
SendMessageA
PostQuitMessage
ValidateRect
DefWindowProcA
BeginPaint
GetDC
SetWindowPos
RegisterClassA

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
DeleteDC
CreateDIBSection
GetDeviceCaps
StretchBlt
GetDIBits
GetPixel
SetPixel
DeleteObject
SetBkColor
PatBlt
SetTextAlign
ExtTextOutA
GetTextExtentPoint32A
SetTextColor

kernel32

GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwindEx
GetStdHandle
WriteFile
ExitProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
DeleteCriticalSection
HeapSetInformation
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
InitializeCriticalSection
HeapReAlloc
CloseHandle
GetLocalTime
LoadLibraryA
Sleep
GetCurrentProcess
GetFileAttributesA
GetProfileStringA
GetSystemInfo
GetModuleFileNameA
WriteProfileStringA
CreateFileA
GetModuleHandleA
GetProcAddress
SetFilePointer
GetVersionExA
FreeLibrary
SetErrorMode
GetCurrentProcessId
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetEnvironmentVariableA
ReadFile
SetEvent
CreateEventA
SetThreadPriority
WaitForMultipleObjects
CreateMutexA
ReleaseMutex
RaiseException
CreateThread
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
HeapAlloc
HeapFree
HeapCreate
LCMapStringA
FlsAlloc
HeapSize
ResumeThread
GetLastError
GetCurrentThreadId
SetLastError
FlsFree
TlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCommandLineA
GetProcessHeap
GetStartupInfoA
GetCPInfo

shell32

ShellExecuteA

advapi32

RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

winmm

timeBeginPeriod
timeEndPeriod
waveOutPrepareHeader
waveOutOpen
waveOutUnprepareHeader
waveOutSetVolume
waveOutReset
waveOutRestart
waveOutPause
waveOutWrite
waveOutClose
timeGetTime

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK16
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK32
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKP8
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINK
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BINKBSS
Size: - Virtual size: 49KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BINKDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BINKCONS
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

��x
Size: - Virtual size:

Sharing

General

Malware Config

Signatures

Files

3af387c30a742722526fb01c3d317c95

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

gdi32

kernel32

shell32

advapi32

winmm

Sections

.text Size: 76KB - Virtual size: 75KB

BINK16 Size: 2KB - Virtual size: 2KB

BINK32 Size: 3KB - Virtual size: 2KB

BINKP8 Size: 3KB - Virtual size: 2KB

BINK Size: 109KB - Virtual size: 108KB

BINKBSS Size: - Virtual size: 49KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 21KB - Virtual size: 26KB

.pdata Size: 8KB - Virtual size: 7KB

BINKDATA Size: 1KB - Virtual size: 1KB

BINKCONS Size: 20KB - Virtual size: 20KB

.rsrc Size: 10KB - Virtual size: 10KB

����x Size: - Virtual size:

.text
Size: 76KB - Virtual size: 75KB

BINK16
Size: 2KB - Virtual size: 2KB

BINK32
Size: 3KB - Virtual size: 2KB

BINKP8
Size: 3KB - Virtual size: 2KB

BINK
Size: 109KB - Virtual size: 108KB

BINKBSS
Size: - Virtual size: 49KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 21KB - Virtual size: 26KB

.pdata
Size: 8KB - Virtual size: 7KB

BINKDATA
Size: 1KB - Virtual size: 1KB

BINKCONS
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 10KB - Virtual size: 10KB

��x
Size: - Virtual size: