95fb156f8a98fc37975543e72651d156_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

95fb156f8a98fc37975543e72651d156_JaffaCakes118
Size

1.3MB
MD5

95fb156f8a98fc37975543e72651d156
SHA1

c10ef77f68007fea092c49ae84cbd73a45f3fcb9
SHA256

8aa32049743b677a876c53a722f92ec40bdc7593daf44a3b581a575b08f966fb
SHA512

e1d7b5035780aa9b11763b959bfc10fe984b1c96c8c1cac97ab8a94be3ce366d33faebd613e34e373a91bdc9cc8dd71e713dc61b615da042a05fd21157f1954d
SSDEEP

24576:HkwuwE9iwXX7UoHSI+grlBKq0P0PgOJICSeuA43qB2:HkEE1XXTSEXK5PtOEeuARB2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95fb156f8a98fc37975543e72651d156_JaffaCakes118

Files

95fb156f8a98fc37975543e72651d156_JaffaCakes118
.exe windows:4 windows x86 arch:x86

06efe9df63337ebc1141948f4d759ec2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\polynatic\Physics\bin\Zany Doodle.pdb

Imports

ws2_32

send
gethostbyname
closesocket
socket
recv
ntohs
WSAStartup
WSACleanup
ntohl
htonl
htons
connect

shlwapi

PathFileExistsA

libvorbisfile

ov_read
ov_pcm_seek
ov_fopen
ov_open_callbacks
ov_info
ov_clear
ov_pcm_total
ov_pcm_tell

winmm

mmioClose
mmioOpenA
mmioWrite
mmioCreateChunk
mmioAdvance
mmioAscend
mmioSetInfo
mmioDescend
mmioSeek
mmioGetInfo
mmioRead

dsound

ord11

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

d3dx9_37

D3DXCreateTextureFromFileInMemoryEx

kernel32

GetStringTypeA
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetStringTypeW
GetOEMCP
GetACP
GetUserDefaultLCID
GetModuleFileNameA
GetStdHandle
WriteFile
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
Sleep
FindFirstFileA
FindClose
FindNextFileA
DeleteFileA
MoveFileExA
GetTickCount
GetLastError
SetFileAttributesA
InitializeCriticalSection
TerminateThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateThread
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
GetLocaleInfoA
GetCurrentThreadId
CloseHandle
GetLocalTime
FindResourceA
LoadResource
SizeofResource
LockResource
FreeLibrary
GetProcAddress
LoadLibraryExA
MulDiv
QueryPerformanceCounter
GetCommandLineA
GetPriorityClass
lstrcmpiA
GetSystemInfo
GetThreadPriority
QueryPerformanceFrequency
GetVersionExA
GlobalLock
GlobalAlloc
GlobalUnlock
LoadLibraryA
SetErrorMode
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
LCMapStringW
LCMapStringA
RaiseException
RtlUnwind
GetCPInfo
GetStartupInfoA
GetProcessHeap
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
MultiByteToWideChar
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
VirtualAlloc
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
CreateFileW
SetEndOfFile
GetModuleHandleA
TlsGetValue

user32

ScreenToClient
wsprintfA
GetForegroundWindow
GetKeyboardLayout
GetAsyncKeyState
MapVirtualKeyA
MapVirtualKeyExA
ToAsciiEx
SetClipboardData
OpenClipboard
EmptyClipboard
GetCursorPos
SetForegroundWindow
ShowWindow
AdjustWindowRect
GetClipboardData
GetMessageA
PostQuitMessage
ReplyMessage
LoadIconA
SetFocus
TranslateMessage
ShowCursor
SetWindowLongA
GetWindowLongA
CreateWindowExA
PeekMessageA
DefWindowProcA
SetWindowPos
PostMessageA
DispatchMessageA
GetSystemMetrics
LoadCursorA
InSendMessage
RegisterClassA
MessageBoxA
CloseClipboard
DestroyWindow

gdi32

SetBkColor
CreateFontA
CreateDIBSection
DeleteObject
GetTextExtentPoint32A
SelectObject
CreateCompatibleDC
SetMapMode
CreateDCA
ExtTextOutA
GetDeviceCaps
DeleteDC
SetTextColor
SetTextAlign

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

SHCreateDirectoryExA
SHGetFolderPathA
ShellExecuteA

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06efe9df63337ebc1141948f4d759ec2

Headers

File Characteristics

PDB Paths

Imports

ws2_32

shlwapi

libvorbisfile

winmm

dsound

d3d9

dinput8

d3dx9_37

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 180KB - Virtual size: 178KB

.data Size: 36KB - Virtual size: 44KB

.rsrc Size: 40KB - Virtual size: 38KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 180KB - Virtual size: 178KB

.data
Size: 36KB - Virtual size: 44KB

.rsrc
Size: 40KB - Virtual size: 38KB