785c3f4f3afabeb33b9da136d97715a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

785c3f4f3afabeb33b9da136d97715a4_JaffaCakes118
Size

6.6MB
MD5

785c3f4f3afabeb33b9da136d97715a4
SHA1

431692f34f8ccbcfc6d57648c5adf569ac3a30d2
SHA256

07a8cd9c558cb6bec5ec4999d1f305bf87ec6c2c48e8a83c766d0e9ded5d8cb4
SHA512

cb868f8e3ed5484229a8aa659e5f4817699653f36abd3ccfbff6a2aed9f03bfa41340754ace2193eb346070fdc2c6dd4b983ff687ef1157c1f190eadde2eeb4f
SSDEEP

49152:WziAAfAGzGOmJdVFQ2S7AdLcnYB3AhDfWHnjETAlXdWol4B+znBw3Yuugw3x:WOJjGOmJdVFQ2S7AFhAVEnjEt3k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
785c3f4f3afabeb33b9da136d97715a4_JaffaCakes118

Files

785c3f4f3afabeb33b9da136d97715a4_JaffaCakes118
.exe windows:6 windows x86 arch:x86

07e3b8cffb6cbd08b3896da77b16b919

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dsound

ord1

kernel32

RtlUnwind
DecodePointer
RaiseException
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
ExitProcess
VirtualAlloc
VirtualProtect
GetModuleHandleA
GetProcAddress
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
Sleep
CreateThread
GetCurrentThread
ExitThread
GetTickCount
lstrcmpA
GetLocalTime
lstrcpyA
lstrcatA
lstrlenA
InitializeCriticalSection
lstrcmpiA
CreateFileA
FindFirstFileA
ReadFile
CloseHandle
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
GetFileSize
GetSystemDirectoryA
FindClose
FindNextFileA
MultiByteToWideChar
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateDirectoryA
WriteFile
OutputDebugStringA
SetFilePointer
WritePrivateProfileStringA
GlobalAlloc
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetModuleFileNameA
FreeLibrary
GetSystemTimeAsFileTime
LocalFree
GetComputerNameA
SuspendThread
ResumeThread
DeleteFileA
CopyFileA
_lcreat
_lwrite
_lclose
CompareFileTime
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
TerminateThread
QueryPerformanceCounter
GlobalFree
WideCharToMultiByte
IsDBCSLeadByte
LocalAlloc
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetTickCount64
SetLastError
GetModuleFileNameW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteConsoleW
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetFileType
GetConsoleCP
GetFileSizeEx
FlushFileBuffers
CompareStringW
LCMapStringW
GetTimeZoneInformation
GetCPInfo
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
OutputDebugStringW
IsDebuggerPresent
InitializeSListHead
SetEnvironmentVariableW
SetStdHandle
CreateFileW
SetEndOfFile
FreeEnvironmentStringsW

user32

SetWindowPos
GetAsyncKeyState
GetSystemMetrics
LoadCursorA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
LoadBitmapA
PeekMessageA
AdjustWindowRect
TranslateMessage
PostQuitMessage
FindWindowA
MessageBoxA
GetKeyState
SendMessageA
OffsetRect
ClientToScreen
GetClientRect
SetWindowTextA
ReleaseDC
GetDC
EnumWindows
GetWindowTextA
GetForegroundWindow
CharLowerA
wsprintfA
PostMessageA
SetWindowLongA
LoadCursorFromFileA
SetCursor
SetTimer
LoadIconA
ShowCursor
AdjustWindowRectEx
SetFocus
DispatchMessageA
CallWindowProcA
GetClassNameA

gdi32

DeleteObject
SelectObject
GetDIBits
DeleteDC
CreateDCA
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
GetObjectA
GetStockObject
CreateFontA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

d3d9

Direct3DCreate9

d3dx9_43

D3DXGetImageInfoFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateSprite
D3DXCreateFontA
D3DXCreateEffectFromFileA

winmm

mmioRead
mmioSeek
mmioGetInfo
mmioOpenA
mmioDescend
mmioAscend
mixerGetDevCapsA
mixerOpen
mixerClose
mmioClose
timeEndPeriod
timeBeginPeriod
timeKillEvent
timeSetEvent
mmioSetInfo
mmioAdvance
mixerGetLineInfoA
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
timeGetTime

shlwapi

PathFileExistsA

wininet

InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetQueryDataAvailable
InternetCloseHandle

wsock32

connect
htons
ioctlsocket
inet_addr
setsockopt
send
socket
gethostbyname
closesocket
WSAStartup
WSAGetLastError
WSAAsyncSelect
ntohs
recv

imm32

ImmSetConversionStatus
ImmSetOpenStatus
ImmGetContext

Exports

Exports

SetExtChangeZip
UnZipData
UnZipDataToDirectory
UnZipDataToFile
UnZipFile
ZipData
ZipFile
_CloseD3d@0
_InitD3D@4
_smPlayD3D@24

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.8MB - Virtual size: 63.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07e3b8cffb6cbd08b3896da77b16b919

Headers

DLL Characteristics

File Characteristics

Imports

dsound

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

d3d9

d3dx9_43

winmm

shlwapi

wininet

wsock32

imm32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 303KB - Virtual size: 303KB

.data Size: 1.8MB - Virtual size: 63.1MB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

.reloc Size: 158KB - Virtual size: 157KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 303KB - Virtual size: 303KB

.data
Size: 1.8MB - Virtual size: 63.1MB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

.reloc
Size: 158KB - Virtual size: 157KB