a2ea2be8e1b084991ece305714fea9c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a2ea2be8e1b084991ece305714fea9c6_JaffaCakes118
Size

177KB
MD5

a2ea2be8e1b084991ece305714fea9c6
SHA1

dac3aceced0910656738ebd30d5dc630e301d91f
SHA256

0d3659c0dff081156839a8ee6ce2f8760a20aaac2f3325cd25f9b0214a5ad199
SHA512

b301411a9d8f485acb7fa180f66bcc8024789c56b27263003b2f1dca5b4b2d180b49cec684e57516f13cadb1fe06795524c17b8b950b1597c4b993f7bfa2c903
SSDEEP

3072:tGDMgtcg9AwZoDL07v1nWqEntu7oh424/mmWAEc6De:tGSo2c7dBgtZhjmUS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2ea2be8e1b084991ece305714fea9c6_JaffaCakes118

Files

a2ea2be8e1b084991ece305714fea9c6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

626823a04aa3d75f611e11034b7d5911

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyA
RegQueryValueExW
RegCreateKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegSetValueA
RegSetValueExA

avifil32

AVISaveOptions
AVIMakeCompressedStream

gdi32

SetStretchBltMode
DeleteDC
DeleteObject
GetStockObject
CreateCompatibleDC
PatBlt
CreateDCA
CreateDIBSection
StretchBlt
GetObjectA
BitBlt
CreateCompatibleBitmap
SelectObject
SetDIBits

ole32

StringFromGUID2
StgCreateDocfile
GetRunningObjectTable
CoSetProxyBlanket
CoInitialize
StgOpenStorage
CoTaskMemAlloc
CoUninitialize
CreateItemMoniker
CoFreeUnusedLibraries
CoCreateInstance
CoTaskMemFree

shell32

SHGetSpecialFolderPathA

kernel32

GetTempFileNameA
DeviceIoControl
CreateMutexA
InitializeCriticalSection
WaitForMultipleObjectsEx
DisableThreadLibraryCalls
GetVersionExA
DeleteCriticalSection
QueryPerformanceCounter
GetTempPathA
GetModuleFileNameA
LocalFree
InterlockedIncrement
LocalAlloc
GetLastError
GetProcessId
GlobalFree
CloseHandle
GetVolumeInformationA
SetFilePointer
CreateFileW
CopyFileA
GetFileAttributesA
EnumResourceTypesW
GetSystemTimeAsFileTime
GetSystemTime
WaitForSingleObject
GetFileSize
CreateDirectoryA
GetCurrentProcessId
GetTickCount
VirtualFree
SetFileAttributesA
ReleaseMutex
WideCharToMultiByte
ExitProcess
MultiByteToWideChar
GetModuleFileNameW
InterlockedDecrement
lstrlenA
GlobalLock
DeleteFileA
Sleep
ReadFile
VirtualAlloc
CreateFileA
GlobalUnlock
GetCurrentThreadId
FreeLibrary

user32

DispatchMessageA
SendMessageA
ReleaseDC
FillRect
GetDesktopWindow
SetRect
AttachThreadInput
DefWindowProcA
RegisterClassA
PostMessageA
GetClientRect
GetDC
EnableWindow
PeekMessageA
CopyRect
InvalidateRect
EqualRect
IsWindow
InflateRect
BringWindowToTop
SetParent
wsprintfA
TranslateMessage
UnregisterClassA

shlwapi

PathFileExistsA
PathFileExistsW
StrStrIW

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

626823a04aa3d75f611e11034b7d5911

Headers

File Characteristics

Imports

advapi32

avifil32

gdi32

ole32

shell32

kernel32

user32

shlwapi

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 69KB - Virtual size: 69KB

.tls Size: 1024B - Virtual size: 248KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 69KB - Virtual size: 69KB

.tls
Size: 1024B - Virtual size: 248KB