5d2089a936990fc89dcd3c8572b7df52_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d2089a936990fc89dcd3c8572b7df52_JaffaCakes118
Size

194KB
MD5

5d2089a936990fc89dcd3c8572b7df52
SHA1

81b7b94d4bfddd6be8159682f7f4dea253cd200e
SHA256

0ac4066973d1224a19f1e67e7860546f261c8e17261d314cb5c1ec0e3b828227
SHA512

8cada18550a2e5dfc1dd1bc86f8fe64f9dd2e15ae470b3fd3469fa39a2169c53e2100f51aa6254de78fc20fd5401e9a6156a0ce7ec3f3568c17512d5bf225524
SSDEEP

3072:ZjO8ag/Y55OnKnKpTnpJ+RdTf9/JJUPEH6mmUe8WLPzN+X1zZNXWLqlf9:taIYCnKnKpTnpQp/sPEH6p86N+Xv8+F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d2089a936990fc89dcd3c8572b7df52_JaffaCakes118

Files

5d2089a936990fc89dcd3c8572b7df52_JaffaCakes118
.exe windows:4 windows x86 arch:x86

274fc818872d586dd33f361df77d6337

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVISaveOptions
AVIMakeCompressedStream

user32

DispatchMessageA
DefWindowProcA
SetRect
CopyRect
PostMessageA
RegisterClassA
EnableWindow
TranslateMessage
ReleaseDC
GetClientRect
EqualRect
SendMessageA
GetDesktopWindow
IsWindow
PeekMessageA
BringWindowToTop
InvalidateRect
SetParent
InflateRect
GetDC
FillRect
wsprintfA
AttachThreadInput
UnregisterClassA

advapi32

RegCreateKeyExA
RegCreateKeyA
RegSetValueA
RegCloseKey
RegOpenKeyExA
RegQueryValueExW
RegDeleteKeyA
RegOpenKeyExW
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA

shlwapi

PathFileExistsW
PathFileExistsA
StrStrIW

gdi32

SelectObject
GetObjectA
BitBlt
DeleteObject
PatBlt
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
SetStretchBltMode
StretchBlt
CreateDIBSection
CreateDCA
DeleteDC
SetDIBits

ole32

CoSetProxyBlanket
StringFromGUID2
CoFreeUnusedLibraries
StgOpenStorage
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CreateItemMoniker
StgCreateDocfile
CoInitialize
GetRunningObjectTable
CoTaskMemFree

kernel32

CreateMutexA
WaitForSingleObject
MultiByteToWideChar
WaitForMultipleObjectsEx
CloseHandle
LocalAlloc
GlobalFree
VirtualFree
DeleteCriticalSection
GetTempPathA
Sleep
VirtualAlloc
GetFileSize
LocalFree
InterlockedDecrement
GetProcessId
GetLastError
lstrlenA
SetFileAttributesA
GetVolumeInformationA
GetSystemTimeAsFileTime
GetModuleFileNameW
EnumResourceTypesW
DeleteFileA
SetFilePointer
GetVersionExA
QueryPerformanceCounter
GlobalUnlock
GetTickCount
InterlockedIncrement
DisableThreadLibraryCalls
InitializeCriticalSection
CreateFileW
ExitProcess
ReleaseMutex
GetFileAttributesA
DeviceIoControl
GetSystemTime
CopyFileA
GlobalLock
GetModuleFileNameA
WideCharToMultiByte
CreateDirectoryA
CreateFileA
GetCurrentThreadId
ReadFile
GetCurrentProcessId
GetTempFileNameA
FreeLibrary

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

274fc818872d586dd33f361df77d6337

Headers

File Characteristics

Imports

avifil32

user32

advapi32

shlwapi

gdi32

ole32

kernel32

shell32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 80KB - Virtual size: 80KB

.tls Size: 1024B - Virtual size: 224KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 80KB - Virtual size: 80KB

.tls
Size: 1024B - Virtual size: 224KB