Static task
static1
Behavioral task
behavioral1
Sample
8ae32a1e1fcb6a45590f9fafbd0d7834_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
8ae32a1e1fcb6a45590f9fafbd0d7834_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
8ae32a1e1fcb6a45590f9fafbd0d7834_JaffaCakes118
Size
116KB
MD5
8ae32a1e1fcb6a45590f9fafbd0d7834
SHA1
2cd4046f1fa4ccfe3c2dc3276998c5928b7dee5c
SHA256
b4db27b24645b40a760ba8a0167378b27dcf2f41af78ec76bed7902e590c9ec3
SHA512
c097aa54fec9f7c8bb1b0201562a5c39c48e7408700bd139fba56b16a6b9767fbefeda28aede1525ff3f565e73114cb728dbf3e91c70a9b27f64aa6ef467ca03
SSDEEP
3072:urV5qs9Wx9NWNBY/CtJW2bk8usS/F4i4:urV5qs9WHWg/ybXusS/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8ae32a1e1fcb6a45590f9fafbd0d7834_JaffaCakes118
Files
8ae32a1e1fcb6a45590f9fafbd0d7834_JaffaCakes118.exe windows:4 windows x86 arch:x86
0a5bc16ab1201b95d0cf3b044063bac1
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
WOW32DriverCallback
midiInStart
midiOutSetVolume
mmioInstallIOProcA
mod32Message
timeBeginPeriod
timeKillEvent
waveInGetDevCapsA
waveInStart
waveOutRestart
waveOutUnprepareHeader
PlaySoundW
dinput
DirectInputCreateW
user32
BeginDeferWindowPos
CharLowerBuffA
CharLowerW
DefWindowProcA
UpdateWindow
TranslateMessage
ShowWindow
SetUserObjectSecurity
SetSystemCursor
SetRect
RemoveMenu
RegisterWindowMessageW
RegisterShellHookWindow
RegisterClassA
PeekMessageA
OpenClipboard
MsgWaitForMultipleObjects
MessageBoxW
GetTopWindow
GetKeyState
GetForegroundWindow
GetCaretPos
EnumPropsA
EmptyClipboard
DispatchMessageA
DialogBoxParamA
CreateWindowExA
CharToOemA
shell32
SHGetSpecialFolderPathW
ShellExecuteA
SHFileOperationW
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
kernel32
lstrcmpA
WaitForMultipleObjectsEx
TlsGetValue
SetFileTime
SetEnvironmentVariableA
ReadFile
OpenJobObjectW
OpenEventW
MulDiv
HeapCreate
HeapAlloc
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
GetTimeZoneInformation
GetTempPathW
GetSystemInfo
GetSystemDefaultLangID
GetStringTypeExA
GetPrivateProfileSectionW
GetModuleHandleA
GetFileAttributesExA
GetCurrentProcessId
GetConsoleOutputCP
GetConsoleAliasA
GetCommandLineA
GetBinaryTypeA
FormatMessageA
FlushConsoleInputBuffer
FindNextVolumeW
FindAtomW
FindAtomA
Beep
BindIoCompletionCallback
CloseHandle
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnumTimeFormatsA
ExitProcess
ole32
PropVariantClear
IsEqualGUID
ws2_32
htons
WSCDeinstallProvider
closesocket
WSAGetLastError
socket
WSAUnhookBlockingHook
gethostbyname
connect
advapi32
SetUserFileEncryptionKey
SetSecurityDescriptorDacl
RegisterEventSourceA
RegQueryValueExA
OpenTraceW
LsaSetInformationTrustedDomain
LsaRemoveAccountRights
LookupPrivilegeNameW
I_ScSetServiceBitsA
GetTrusteeNameW
GetSecurityDescriptorDacl
GetAclInformation
BuildExplicitAccessWithNameW
FileEncryptionStatusA
GetAce
AddAccessDeniedAce
Sections
.text Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ