b29c37bb5007b4e1b268bdfbfbdbe7a2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b29c37bb5007b4e1b268bdfbfbdbe7a2_JaffaCakes118
Size

167KB
MD5

b29c37bb5007b4e1b268bdfbfbdbe7a2
SHA1

369e3120df2ed78bfedc1b2d812c9e2c9f5f0219
SHA256

2f4e3eb1730e0c55f77deb8abd669e417369fb7ed1ff94f979550151346ed919
SHA512

f3860e275feb061b6c2f6f56b2fabf5a6f1cadc7bab2a41ce3f421c10b5046d83675f80124ead1555a9c0f9ae440c1812c1acad91dd97aa4fedcf9609c21798a
SSDEEP

3072:qZDtpSLETxfdEH3qxyXSGMCa6IXWThRsZz6K/Hqm0v:kWCfdAqxyiGMBGhRtgHJm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b29c37bb5007b4e1b268bdfbfbdbe7a2_JaffaCakes118

Files

b29c37bb5007b4e1b268bdfbfbdbe7a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5b3e6cbc1c82b9f9b6df8510751c8a70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVISaveOptions
AVIMakeCompressedStream

ole32

StringFromGUID2
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoInitialize

user32

CopyRect
FillRect
ReleaseDC
SetRectEmpty
GetDC
GetClientRect
IsRectEmpty
TranslateMessage
PeekMessageW
DispatchMessageW
wsprintfW
OffsetRect
GetWindowRect

gdi32

CreateDIBSection
GetDIBits
SetBrushOrgEx
SelectObject
CreateCompatibleDC
BitBlt
GetObjectW
StretchBlt
GetObjectType
CreateSolidBrush
DeleteObject
SetBkColor
CreateCompatibleBitmap
DeleteDC
CreateBitmap
CreateDCW
SetStretchBltMode

winmm

timeGetTime

shlwapi

PathAddBackslashW
PathRemoveBackslashW
PathIsDirectoryW
PathFileExistsA
PathRenameExtensionW
PathFileExistsW
PathCombineW
PathAppendW
PathRemoveFileSpecW

advapi32

RegOpenKeyExW
RegSetValueW
RegSetValueExA
RegCreateKeyW
RegCloseKey
RegOpenKeyExA
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyW
RegDeleteKeyA

kernel32

EnterCriticalSection
MultiByteToWideChar
SetFileAttributesA
WaitForMultipleObjects
GetTempPathA
CreateFileA
GetModuleFileNameA
CopyFileA
LocalFree
GetSystemTime
GetLocaleInfoA
GetACP
FindClose
QueryPerformanceCounter
WideCharToMultiByte
GetTickCount
CloseHandle
ReleaseMutex
GetProcessPriorityBoost
SetFilePointer
InterlockedIncrement
FindFirstFileW
LoadLibraryW
GetTempFileNameW
DisableThreadLibraryCalls
WriteFile
InterlockedExchange
CreateDirectoryA
LocalAlloc
EnumResourceTypesW
ReadFile
lstrlenA
GetLastError
Sleep
OutputDebugStringA
CreateMutexA
GetModuleFileNameW
GetThreadLocale
FreeLibrary
GetVersionExA
SetFileAttributesW
DeleteFileW
MulDiv
ExitProcess
GetTempPathW
GetCurrentThreadId
WaitForSingleObject
DeleteFileA
InitializeCriticalSection
RemoveDirectoryW
FindNextFileW
GetVersionExW
GetFileAttributesA
DeleteCriticalSection
GetTempFileNameA
GetCurrentProcessId
InterlockedDecrement
CreateDirectoryW
OutputDebugStringW
lstrlenW
LeaveCriticalSection
GetProcAddress
GetSystemTimeAsFileTime

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b3e6cbc1c82b9f9b6df8510751c8a70

Headers

File Characteristics

Imports

avifil32

ole32

user32

gdi32

winmm

shlwapi

advapi32

kernel32

shell32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 66KB - Virtual size: 65KB

.tls Size: 1024B - Virtual size: 104KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 66KB - Virtual size: 65KB

.tls
Size: 1024B - Virtual size: 104KB