88e3d436c03eb54c6fd5bf1688bc502b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

88e3d436c03eb54c6fd5bf1688bc502b_JaffaCakes118
Size

1.3MB
MD5

88e3d436c03eb54c6fd5bf1688bc502b
SHA1

f4206f8fcf33f2ac1861a98f517977e5a8a476ef
SHA256

5bcb6b383fcd0f996dd5232468231c4dca7f96c87d592acc843c411f0ffa8a58
SHA512

e4868516eb1e59e37ca7c3833f1de6ba86f5d89ddaea6c67d2998f9800804125be3ffece594b54961f2a32ad503dd1216d55df81df3ee2ab4d4a1050ad2bb247
SSDEEP

24576:05pcrpKIlE+YHqA0lx04Q8zUDZD6LhX8TkeYGmHjX4M9TWXS8Vc:SeFEeFQ8z8OjX4M9TWhc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88e3d436c03eb54c6fd5bf1688bc502b_JaffaCakes118

Files

88e3d436c03eb54c6fd5bf1688bc502b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dfe658bbd6d5a518de14932a63c3759f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Work\Farm\bin\farm.pdb

Imports

kernel32

SetEnvironmentVariableA
CompareStringW
Beep
IsProcessorFeaturePresent
Sleep
GetCurrentProcess
LocalFree
FormatMessageA
GetLastError
FindClose
FindNextFileA
FindFirstFileA
CreateFileA
CreateDirectoryA
CreateFileW
CreateDirectoryW
DeleteFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
CloseHandle
MultiByteToWideChar
RaiseException
RtlUnwind
ExitProcess
HeapFree
GetProcAddress
GetModuleHandleA
TerminateProcess
GetStartupInfoW
GetVersionExA
GetLocalTime
GetCPInfo
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapSize
GetStdHandle
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
GetTimeZoneInformation
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
InterlockedExchange
GetLocaleInfoW
SetStdHandle
SetEndOfFile
GetACP
GetOEMCP
CompareStringA
WideCharToMultiByte

squall

SQUALL_Channel_Stop
SQUALL_Channel_Status
SQUALL_Channel_Pause
SQUALL_Init
SQUALL_SetFileCallbacks
SQUALL_Listener_EAX_SetPreset
SQUALL_Stop
SQUALL_Free
SQUALL_Sample_LoadFile
SQUALL_ChannelGroup_SetVolume
SQUALL_Channel_Start
SQUALL_Channel_SetVolume
SQUALL_Sample_Unload
SQUALL_Pause
SQUALL_Sample_PlayEx
SQUALL_Sample_GetFileFrequency

jngload

?freeData@@YAXAAPAK@Z
?readMNG@@YAXPBXAAK1AAPAK@Z

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

d3d8

Direct3DCreate8

dinput8

DirectInput8Create

user32

DestroyIcon
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
GetWindowInfo
GetClientRect
SetWindowPos
GetWindowRect
GetCursorPos
DrawTextA
DrawTextW
DefWindowProcW
LoadCursorW
SetCursor
DispatchMessageW
PeekMessageW
TranslateMessage
DestroyWindow
PostQuitMessage
MessageBoxA
UpdateWindow

gdi32

CreateCompatibleDC
CreateDIBSection
SetBkMode
SetBkColor
SetTextColor
SelectObject
DeleteDC
CreateFontIndirectA
GetObjectA
DeleteObject
CreateFontW

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA

Sections

.text
Size: 1008KB - Virtual size: 1005KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dfe658bbd6d5a518de14932a63c3759f

Headers

File Characteristics

PDB Paths

Imports

kernel32

squall

jngload

winmm

d3d8

dinput8

user32

gdi32

advapi32

Sections

.text Size: 1008KB - Virtual size: 1005KB

.rdata Size: 176KB - Virtual size: 172KB

.data Size: 24KB - Virtual size: 37KB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 1008KB - Virtual size: 1005KB

.rdata
Size: 176KB - Virtual size: 172KB

.data
Size: 24KB - Virtual size: 37KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 76KB - Virtual size: 76KB