b39aa8b0875bab2c9edfe06e2c083ef9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b39aa8b0875bab2c9edfe06e2c083ef9_JaffaCakes118
Size

1.4MB
MD5

b39aa8b0875bab2c9edfe06e2c083ef9
SHA1

0be53e349f4d2b446b1e54dcd8b3ac4ddbcd4423
SHA256

eb8e3a6efaefeea1a2e77ebc9eb0742424210a79adfd44eef3be13873c8b8371
SHA512

b6cf8abfdb078534245ee0eff5fa2950c3a1cb554ba6432d13be20ef545acf7129dfa9cbbf55a3d170b32ed80fdcc8409843772a16876a81c333c07715fe7a73
SSDEEP

24576:1IW0KRIdhXh8C5t9NnLEfRlUUBd+nSOuoa288nFQgh/wbgt1p2IYGUCLbyW:1IWbRwC2ZnLkanSOS288egeqDA9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b39aa8b0875bab2c9edfe06e2c083ef9_JaffaCakes118

Files

b39aa8b0875bab2c9edfe06e2c083ef9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f4871f49bd7bd7825065ba05b6dbc6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dplayx

ord2
ord1

qmixer

QSWaveMixGetVolume
QSWaveMixStopChannel
QSWaveMixCloseSession
QSWaveMixInitEx
QSWaveMixActivate
QSWaveMixPlayEx
QSWaveMixSetVolume
QSWaveMixIsChannelDone
QSWaveMixSetPosition
QSWaveMixFreeWave
QSWaveMixOpenWave
QSWaveMixFlushChannel
QSWaveMixOpenChannel
QSWaveMixGetFrequency
QSWaveMixSetFrequency
QSWaveMixEnableChannel

ddraw

DirectDrawEnumerateA
DirectDrawCreate

winmm

mciGetDeviceIDA
mciSendCommandA
timeKillEvent
timeBeginPeriod
timeSetEvent
timeEndPeriod
joyGetDevCapsA
joyGetPosEx
timeGetTime

dinput

DirectInputCreateA

kernel32

CompareStringA
RaiseException
GetStringTypeW
GetStringTypeA
SetConsoleCtrlHandler
VirtualAlloc
SetEnvironmentVariableA
CompareStringW
GetOEMCP
QueryPerformanceFrequency
OutputDebugStringA
CreateFileA
lstrcpyA
FlushFileBuffers
WriteFile
lstrlenA
CloseHandle
SetFilePointer
OpenFile
FindFirstFileA
CopyFileA
QueryPerformanceCounter
GetSystemTime
GetDiskFreeSpaceA
lstrcatA
GetFileSize
ReadFile
GetDriveTypeA
GetLogicalDrives
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
WinExec
SetPriorityClass
GetCurrentProcess
HeapAlloc
GetProcessHeap
HeapFree
SetThreadPriority
GetCurrentThread
GetTickCount
GetModuleHandleA
MulDiv
MultiByteToWideChar
lstrcpynA
TerminateProcess
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetACP
HeapDestroy
SetEndOfFile
SetHandleCount
SetStdHandle
LCMapStringW
LCMapStringA
WideCharToMultiByte
GetModuleFileNameA
InterlockedIncrement
FileTimeToSystemTime
LoadLibraryA
InterlockedDecrement
GetStdHandle
DebugBreak
GetProcAddress
HeapValidate
IsBadReadPtr
IsBadWritePtr
GetVersion
GetCommandLineA
GetStartupInfoA
GetFileInformationByHandle
ExitProcess
GetFileType
GetTimeZoneInformation
GetComputerNameA
GetLocalTime
VirtualFree
GetLastError
FileTimeToLocalFileTime
HeapCreate
PeekNamedPipe
RtlUnwind
HeapReAlloc

user32

SendMessageA
InvalidateRect
SystemParametersInfoA
DefWindowProcA
SetCursor
BeginPaint
EndPaint
FindWindowA
ShowCursor
PeekMessageA
GetMessageA
DispatchMessageA
WaitMessage
GetAsyncKeyState
LoadCursorA
RegisterClassA
CreateWindowExA
SetFocus
GetClientRect
ClientToScreen
GetSystemMetrics
SetWindowPos
GetDC
ReleaseDC
wsprintfA
wvsprintfA
MessageBoxA
VkKeyScanA
ShowWindow
UpdateWindow
DestroyWindow
GetKeyState
GetKeyboardState
SetKeyboardState
GetCursor

gdi32

SetBkMode
CreateFontIndirectA
GetSystemPaletteEntries
TextOutA
PatBlt
SetTextColor
GetDeviceCaps
GetStockObject
DeleteObject
SetSystemPaletteUse
SelectObject

advapi32

RegOpenKeyExA
RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 271KB - Virtual size: 9.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f4871f49bd7bd7825065ba05b6dbc6a

Headers

File Characteristics

Imports

dplayx

qmixer

ddraw

winmm

dinput

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 271KB - Virtual size: 9.5MB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 271KB - Virtual size: 9.5MB

.rsrc
Size: 10KB - Virtual size: 10KB