b33a70c816d56d2e50dacad208589b5b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b33a70c816d56d2e50dacad208589b5b_JaffaCakes118
Size

3.3MB
MD5

b33a70c816d56d2e50dacad208589b5b
SHA1

025a6addef297c6b7bdd6ccccdbeec1638b18e64
SHA256

345f41ea5f0346eb2bd6affb09e085db66b4deb5b7a485213c3b5125a230bd06
SHA512

a894e9324af9488cab3146717425fce583dde88554e07ee565b1c8a523b7c82fc22910fee5e2c87c49a3ecc3cc201ce8c20047efb0986ca33e5a380f817aa132
SSDEEP

49152:jp/ICD9cpm3LvVZ++juEnMGylKjFpYg8Y90lS3Lf7Er7EFCxOx:jpAGcpmH++juthEJpbzCEFxx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b33a70c816d56d2e50dacad208589b5b_JaffaCakes118

Files

b33a70c816d56d2e50dacad208589b5b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72cad0ccc32f585c6594d2ff7cb46d37

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime
mciSendStringA

mss32

_AIL_set_sample_volume@8
_AIL_start_sample@4
_AIL_init_sample@4
_AIL_stream_status@4
_AIL_serve@0
_AIL_set_stream_volume@8
_AIL_allocate_sample_handle@4
_AIL_waveOutClose@4
_AIL_get_preference@4
_AIL_digital_configuration@16
_AIL_stream_volume@4
_AIL_stream_position@4
_AIL_set_stream_loop_count@8
_AIL_open_stream@12
_AIL_start_stream@4
_AIL_set_stream_position@8
_AIL_HWND@0
_AIL_set_sample_file@12
_AIL_set_sample_loop_count@8
_AIL_service_stream@8
_AIL_sample_volume@4
_AIL_pause_stream@8
_AIL_waveOutOpen@16
_AIL_stop_sample@4
_AIL_sample_status@4
_AIL_resume_sample@4
_AIL_close_stream@4
_AIL_end_sample@4
_AIL_shutdown@0
_AIL_startup@0
_AIL_set_preference@8

smackw32

_SmackSoundUseMSS@4
_SmackDoFrame@4
_SmackToBuffer@28
_SmackGoto@8
_SmackUseMMX@4
_SmackOpen@12
_SmackVolumePan@16
_SmackToBufferRect@8
_SmackNextFrame@4
_SmackWait@4
_SmackClose@4

ddraw

DirectDrawCreate

wsock32

closesocket
inet_addr
gethostname
inet_ntoa
bind
htonl
WSAStartup
gethostbyname
htons
socket

kernel32

Sleep
GetStringTypeW
IsBadCodePtr
GlobalLock
GlobalAlloc
SetLastError
GetFileAttributesA
DeleteCriticalSection
CloseHandle
GetLastError
CreateEventA
GetDriveTypeA
GetLogicalDrives
GetDiskFreeSpaceA
TlsGetValue
EnumSystemLocalesA
GetACP
DeleteFileA
GetVersionExA
ReadFile
WaitForSingleObject
SetEvent
GetModuleFileNameA
GetFileTime
CreateFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
WriteFile
FindClose
FindFirstFileA
FindNextFileA
SetUnhandledExceptionFilter
HeapSize
FlushFileBuffers
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
GetOEMCP
VirtualFree
VirtualAlloc
IsBadWritePtr
SetStdHandle
SetEndOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
HeapAlloc
GetUserDefaultLCID
GetSystemTime
InitializeCriticalSection
LeaveCriticalSection
GetLocaleInfoW
EnterCriticalSection
GetCurrentThreadId
GetTimeZoneInformation
SetFilePointer
GetCurrentDirectoryA
SetEnvironmentVariableA
GetCurrentProcess
TerminateProcess
HeapReAlloc
GetFullPathNameA
RtlUnwind
ExitProcess
WideCharToMultiByte
InterlockedIncrement
MultiByteToWideChar
InterlockedExchange
InterlockedDecrement
RaiseException
OpenFile
_llseek
_lclose
IsBadReadPtr
_lread
GlobalUnlock
GlobalFree
GlobalHandle
LoadLibraryA
HeapFree
SetCurrentDirectoryA
GetVersion
GetStartupInfoA
TlsAlloc
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetProcAddress
GetModuleHandleA
ResumeThread
ExitThread
TlsSetValue
CreateThread
GetFileType
GetLocalTime

user32

DispatchMessageA
TranslateMessage
GetWindowLongA
GetMessageA
LoadIconA
RegisterClassA
AdjustWindowRect
CreateWindowExA
LoadCursorA
SetCursor
SetMenu
DestroyMenu
PostMessageA
SetCapture
ReleaseCapture
GetKeyState
MessageBoxA
OffsetRect
ClientToScreen
CheckMenuItem
IsIconic
ShowWindow
SetForegroundWindow
LoadMenuA
DefWindowProcA
DialogBoxParamA
WinHelpA
GetDesktopWindow
EnableMenuItem
EndDialog
DrawMenuBar
GetClientRect
BeginPaint
MoveWindow
EndPaint
AdjustWindowRectEx
SetWindowLongA
GetDC
ReleaseDC
GetWindowThreadProcessId
GetForegroundWindow
MessageBeep
UnionRect
GetCursorPos
ScreenToClient
wsprintfA
IsRectEmpty
ShowCursor
GetMenuItemID
IntersectRect
GetMenuItemCount
DestroyWindow
GetSubMenu
PostQuitMessage
GetWindowRect
PeekMessageA

gdi32

CreateCompatibleDC
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps
GdiSetBatchLimit

advapi32

RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize

binkw32

_BinkPause@8
_BinkOpen@8
_BinkClose@4
_BinkDDSurfaceType@4
_BinkCopyToBuffer@28
_BinkDoFrame@4
_BinkGoto@12
_BinkNextFrame@4
_BinkGetSummary@8
_BinkWait@4
_BinkGetRects@8
_BinkSetSoundSystem@8
_BinkOpenMiles@4

ifc20

?reset@CImmMouse@@MAEXXZ
?prepare_device@CImmMouse@@MAEHXZ
?SwitchToAbsoluteMode@CImmMouse@@UAEHH@Z
?ChangeScreenResolution@CImmMouse@@UAEHHKK@Z
?GetDevice@CImmMouse@@UAEPAUIFeelitDevice@@XZ
?GetAPI@CImmMouse@@UAEPAUIFeelit@@XZ
?LoadProjectFromMemory@CImmProject@@QAEHPAXPAVCImmDevice@@@Z
?Initialize@CImmMouse@@QAEHPAX0K@Z
??0CImmMouse@@QAE@XZ
?m_dwErrHandlingFlags@CIFCErrors@@0KA
??1CImmMouse@@UAE@XZ
??1CImmProject@@QAE@XZ
?Close@CImmProject@@QAEXXZ
?SetRect@CImmEnclosure@@QAEHPBUtagRECT@@@Z
?Start@CImmCompoundEffect@@QAEHKK@Z
?CreateEffect@CImmProject@@QAEPAVCImmCompoundEffect@@PBDPAVCImmDevice@@K@Z
?DestroyEffect@CImmProject@@QAEXPAVCImmCompoundEffect@@@Z
?Start@CImmEnclosure@@UAEHK@Z
?Stop@CImmEnclosure@@UAEHXZ
?Start@CImmEffect@@UAEHKKH@Z
?InitializeFromProject@CImmEffect@@UAEHAAVCImmProject@@PBDPAVCImmDevice@@K@Z
?Initialize@CImmEnclosure@@UAEHPAVCImmDevice@@ABUFEELIT_EFFECT@@K@Z
?GetIsCompatibleGUID@CImmEnclosure@@UAEHAAU_GUID@@@Z
?Initialize@CImmEnclosure@@QAEHPAVCImmDevice@@PBUtagRECT@@JJKKKKKKPAVCImmEffect@@JK@Z
??0CImmEnclosure@@QAE@XZ
??1CImmEnclosure@@UAE@XZ

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 208KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 528KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 184KB - Virtual size: 33.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72cad0ccc32f585c6594d2ff7cb46d37

Headers

File Characteristics

Imports

version

winmm

mss32

smackw32

ddraw

wsock32

kernel32

user32

gdi32

advapi32

shell32

ole32

binkw32

ifc20

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 144KB - Virtual size: 142KB

.data Size: 208KB - Virtual size: 315KB

.rsrc Size: 40KB - Virtual size: 336KB

.text Size: 528KB - Virtual size: 525KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 184KB - Virtual size: 33.7MB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 144KB - Virtual size: 142KB

.data
Size: 208KB - Virtual size: 315KB

.rsrc
Size: 40KB - Virtual size: 336KB

.text
Size: 528KB - Virtual size: 525KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 184KB - Virtual size: 33.7MB