857224f81c6f54c09a2b23bc1960a289_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

857224f81c6f54c09a2b23bc1960a289_JaffaCakes118
Size

172KB
MD5

857224f81c6f54c09a2b23bc1960a289
SHA1

4dd72b52f3042f3a4f9fd79e1ca77732213dd284
SHA256

2ac71b3ceb5b9481f560fe7cf0db024e62989b5d3411b12d4c1592777219c985
SHA512

09159fec3dd71bde41bf0061512a23b63560cffdbe730731d942965d6bb4e3f3c1a6e2f07b0483f4cfc1f45932f44eb1d58ec69d712143f2726729803864e2d2
SSDEEP

3072:xsxpdHgp0YiODpx8LG3aMdYem4/DKbuZoZWM8D9RASCXz5Lu5HCV8lu:8enlyG37Pm4ebo6uwS4FLCHN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
857224f81c6f54c09a2b23bc1960a289_JaffaCakes118

Files

857224f81c6f54c09a2b23bc1960a289_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2dd10e4aead15feb7cfe852207a5373c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageThumbnail
GdipAlloc
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdipCreateBitmapFromStream
GdiplusShutdown
GdipFree
GdiplusStartup
GdipCloneImage

kernel32

PrivCopyFileExW
ReleaseSemaphore
InterlockedIncrement
lstrlenA
GetCurrentThread
lstrcpynW
LocalAlloc
GetModuleFileNameW
DeleteCriticalSection
GetThreadLocale
GetCurrentThreadId
VirtualFree
SetThreadPriority
InitializeCriticalSection
LeaveCriticalSection
GetSystemInfo
GetProcessId
GlobalUnlock
VirtualAlloc
CreateEventW
LocalFree
DisableThreadLibraryCalls
GetACP
GlobalAlloc
CreateThread
OutputDebugStringW
WaitForMultipleObjects
lstrlenW
GetVersionExA
QueryPerformanceCounter
WaitForSingleObject
LoadLibraryW
GetLastError
GetProcAddress
MultiByteToWideChar
GetTickCount
lstrcmpW
EnumResourceTypesA
GetCurrentProcessId
RaiseException
DuplicateHandle
GetCurrentProcess
lstrcmpiW
lstrcpyW
GetLocaleInfoA
ExitProcess
GlobalFree
GetModuleHandleW
FreeLibrary
InterlockedExchange
EnterCriticalSection
ProcessIdToSessionId
InterlockedDecrement
GlobalReAlloc
CloseHandle
WriteFile
Sleep
GlobalLock
CreateFileW
SetEvent
ResetEvent
GetVersionExW
CreateSemaphoreW
GetThreadPriority
GetSystemTimeAsFileTime
GetModuleFileNameA

winmm

mixerClose
timeSetEvent
mixerGetLineControlsW
mixerGetNumDevs
waveInGetNumDevs
mixerOpen
timeGetTime
waveInGetDevCapsW
mixerSetControlDetails
mixerGetLineInfoW
mixerGetControlDetailsW
mixerGetDevCapsW

gdi32

GetObjectW
RealizePalette
SelectPalette
SetStretchBltMode
GetDIBits
StretchDIBits
GetStockObject
SelectObject
CreateCompatibleDC
CreateDIBSection
BitBlt

user32

wsprintfW
wvsprintfW
IsWindowVisible
GetWindowRect
SetTimer
PostThreadMessageW
GetDC
ReleaseDC
PeekMessageW
DispatchMessageW
UnregisterClassA
UnregisterClassW
SetParent
TranslateMessage
EnableWindow
KillTimer
RegisterWindowMessageW
GetQueueStatus
MsgWaitForMultipleObjects

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2dd10e4aead15feb7cfe852207a5373c

Headers

File Characteristics

Imports

gdiplus

kernel32

winmm

gdi32

user32

Sections

.text Size: 98KB - Virtual size: 98KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 68KB - Virtual size: 67KB

.tls Size: 1024B - Virtual size: 244KB

.text
Size: 98KB - Virtual size: 98KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 68KB - Virtual size: 67KB

.tls
Size: 1024B - Virtual size: 244KB