Static task
static1
Behavioral task
behavioral1
Sample
a7538e5161877d3b22566971d4f184d3_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
a7538e5161877d3b22566971d4f184d3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
a7538e5161877d3b22566971d4f184d3_JaffaCakes118
Size
253KB
MD5
a7538e5161877d3b22566971d4f184d3
SHA1
4985a41c46d975ee8ee5217f0010dd97b453afee
SHA256
de028b67912f75f06a1ffd2a84d4537226b14468c7ea516efe9b1152a1616147
SHA512
510a0a14b76b6353418a9360b4e65bd58b6ce32765f228210ce58852cd786518df1aca566b77e8ae8875e2820e9adacf354ce5b6876229f40f41123f67c3c31b
SSDEEP
6144:KjW2Y9wUW7T6yc+xbUVXrbhG/ogXnAqVKHxUnM1RTJ:WY6Z7TA+xoVXrb0QgXn5V2aMZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a7538e5161877d3b22566971d4f184d3_JaffaCakes118
Files
a7538e5161877d3b22566971d4f184d3_JaffaCakes118.exe windows:4 windows x86 arch:x86
d7bf002886a015e1e393fae0ebd65b88
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
ioctlsocket
WSAGetLastError
gethostbyname
closesocket
setsockopt
select
socket
bind
inet_ntoa
recvfrom
sendto
htons
kernel32
GetTickCount
SetEvent
InitializeCriticalSection
OpenEventA
GetModuleFileNameA
FreeLibrary
GetModuleHandleA
GetACP
MultiByteToWideChar
WaitForSingleObject
CreateMutexA
LoadLibraryA
LocalFree
GetLastError
GetCurrentProcess
GetCurrentThread
GetVersionExA
lstrcmpA
GetProcAddress
user32
MessageBoxA
GetScrollPos
GetCapture
SetForegroundWindow
EnableWindow
InvalidateRgn
CharUpperA
PostQuitMessage
EmptyClipboard
CreatePopupMenu
MessageBoxIndirectW
GetMenuInfo
SendDlgItemMessageA
SetWindowLongW
AdjustWindowRect
UnregisterClassW
ShowCursor
mouse_event
SetActiveWindow
SetWindowPos
PeekMessageA
GetMenuItemRect
CharPrevA
CopyRect
wvsprintfW
SetCapture
MonitorFromPoint
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
winipsec
CloseMMFilterHandle
GetMMAuthMethods
gdi32
CreateSolidBrush
RemoveFontResourceExA
CreateCompatibleDC
StretchDIBits
SetWinMetaFileBits
CreateColorSpaceA
CreatePen
CreateHatchBrush
AddFontResourceW
CreateMetaFileW
GetRasterizerCaps
GetStockObject
avifil32
EditStreamCopy
AVIStreamSampleToTime
CreateEditableStream
AVIFileEndRecord
EditStreamClone
AVIGetFromClipboard
EditStreamPaste
AVIFileCreateStreamW
AVIStreamBeginStreaming
IID_IAVIEditStream
AVISaveVA
EditStreamSetNameW
AVIFileGetStream
AVIStreamRelease
AVIPutFileOnClipboard
AVISaveVW
AVIStreamReadFormat
AVIFileCreateStreamA
AVIFileRelease
Sections
.edata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.fWnp Size: 108KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 349KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gIfmN Size: 109KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ