834877343c8a9098d0d6ec02e1cab531_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

834877343c8a9098d0d6ec02e1cab531_JaffaCakes118
Size

316KB
MD5

834877343c8a9098d0d6ec02e1cab531
SHA1

32f19f5620fa3bc81dd1ca69768ed8406a94f2ff
SHA256

c8a7503acc3a7401a67351ca4518733909c6afe0b63e2c26224ab82d03f53d3b
SHA512

ae96b052ce1c3dbb138c6459202526c3b65ed7d688ca73562d7069b1618d02baaddc7182803076ae093297fc939910dd9e99e1ace8025121586a75d564cd3d7b
SSDEEP

6144:ysOR8ePumr4GJGTr5SUKgLTvYtgHam/isy8SCV:ysORBPumrVGTr4SLTlHTKKSC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
834877343c8a9098d0d6ec02e1cab531_JaffaCakes118

Files

834877343c8a9098d0d6ec02e1cab531_JaffaCakes118
.exe windows:4 windows x86 arch:x86

37ecc4c0c4fef2f4d4132499dbe1ad7f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Bombina_program\Api_cpp\Bombina_Soft\anti_autorun\Release\anti_autorun.pdb

Imports

kernel32

GetLocaleInfoA
LockResource
SizeofResource
LoadResource
FindResourceA
CreateDirectoryA
SetCurrentDirectoryA
GetWindowsDirectoryA
GetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
GetLastError
GlobalAlloc
SetFileAttributesA
GetLocalTime
RemoveDirectoryA
DeleteFileA
GetSystemDirectoryA
CreateMutexA
GetVolumeInformationA
GetDriveTypeA
GetCurrentDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
CloseHandle
OpenProcess
SetLastError
Process32Next
TerminateProcess
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
HeapSize
SetEndOfFile
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
OpenMutexA
IsBadReadPtr
SetUnhandledExceptionFilter
CreateFileA
FlushFileBuffers
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
VirtualQuery
InterlockedExchange
LoadLibraryA
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCurrentProcess
GetProcAddress
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
ReadFile
WriteFile
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExA
GlobalUnlock
GlobalLock
lstrlenA
lstrcpyA
lstrcatA
GetEnvironmentVariableA
WinExec
MultiByteToWideChar
IsBadCodePtr
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapAlloc
HeapFree
RtlUnwind
ExitProcess

user32

IsClipboardFormatAvailable
OpenClipboard
CloseClipboard
CreateWindowExA
SetActiveWindow
SetForegroundWindow
GetWindow
GetForegroundWindow
MoveWindow
GetSystemMetrics
GetWindowRect
GetClipboardData
DestroyWindow
FindWindowA
SetWindowTextA
GetWindowTextA
GetDesktopWindow
keybd_event
ShowWindow
OpenIcon
CloseWindow
IsIconic
SetClipboardData
SendMessageA
ExitWindowsEx
CharLowerA
GetClassNameA
GetWindowThreadProcessId
EnumWindows
GetDC
EndPaint
ReleaseDC
IsWindowVisible
KillTimer
SetCursor
TrackMouseEvent
PostQuitMessage
DefWindowProcA
LoadIconA
LoadCursorA
RegisterClassA
UpdateWindow
SetTimer
GetMessageA
DispatchMessageA
MessageBoxA
EmptyClipboard

gdi32

CreateSolidBrush

advapi32

GetTokenInformation
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
OpenProcessToken

shell32

ShellExecuteA

gdiplus

GdiplusStartup
GdipFree
GdipAlloc
GdipCreateSolidFill
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromResource
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectI
GdipDrawImageI
GdipDrawString
GdipDrawLineI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen2
GdipCloneBrush
GdipDeleteBrush

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

37ecc4c0c4fef2f4d4132499dbe1ad7f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

gdiplus

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 23KB

.rsrc Size: 208KB - Virtual size: 280KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 23KB

.rsrc
Size: 208KB - Virtual size: 280KB