bb082328c2689ba4deecd188d02d25bd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bb082328c2689ba4deecd188d02d25bd_JaffaCakes118
Size

183KB
MD5

bb082328c2689ba4deecd188d02d25bd
SHA1

6b5c1d4a630a47ba0e2954b939305d397eed4f6b
SHA256

1c7b7343ccb3f20597c7550f46a2ecc2a7b4c11252f26fcee13ec46e11c083b4
SHA512

4ee4d25db11e0b25a860611867d4ff204e7b4aacc3fbb2ecb883e3918e157635df75614f8511f89187dece0c7b954e82b9bdc66fddc2e99058d6bcd60a409229
SSDEEP

3072:FT5OTJzI/kSaljzPax3rWXV3MpxprVC/nT/D5KyeLbQkXObjSqVSwVbQIXPrJ/4:FTgy/kSal/ayXIYDDMyeXvXOLSwVb1fO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb082328c2689ba4deecd188d02d25bd_JaffaCakes118

Files

bb082328c2689ba4deecd188d02d25bd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

57312a0bc92dc3e14a420b075938c1e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipFree
GdipGetImageThumbnail
GdiplusStartup
GdipAlloc
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusShutdown
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCloneImage

gdi32

GetStockObject
CreateDIBSection
StretchDIBits
CreateCompatibleDC
SetStretchBltMode
SelectObject
RealizePalette
GetObjectW
GetDIBits
SelectPalette
BitBlt

kernel32

EnterCriticalSection
GetCurrentProcessId
GlobalFree
GetLastError
GetVersionExA
DeleteCriticalSection
lstrcmpW
PrivCopyFileExW
ProcessIdToSessionId
VirtualFree
GetModuleHandleW
SetThreadPriority
ReleaseSemaphore
GetLocaleInfoA
LeaveCriticalSection
GetProcessId
CreateEventW
DuplicateHandle
GlobalLock
GetThreadLocale
LocalFree
VirtualAlloc
RaiseException
SetEvent
GetCurrentThread
DisableThreadLibraryCalls
GetACP
ResetEvent
GetSystemTimeAsFileTime
GetCurrentProcess
GetTickCount
EnumResourceTypesA
WaitForSingleObject
CreateThread
MultiByteToWideChar
QueryPerformanceCounter
lstrcpynW
GetProcAddress
OutputDebugStringW
GlobalReAlloc
InterlockedExchange
InitializeCriticalSection
GetThreadPriority
GetCurrentThreadId
InterlockedIncrement
lstrcmpiW
WriteFile
WaitForMultipleObjects
GetVersionExW
ExitProcess
GetSystemInfo
CreateSemaphoreW
LocalAlloc
lstrlenA
GlobalAlloc
lstrcpyW
CreateFileW
LoadLibraryW
Sleep
InterlockedDecrement
lstrlenW
GetModuleFileNameW
CloseHandle
FreeLibrary
GlobalUnlock
GetModuleFileNameA

winmm

mixerGetLineInfoW
mixerGetControlDetailsW
mixerOpen
mixerClose
mixerGetLineControlsW
timeSetEvent
waveInGetDevCapsW
waveInGetNumDevs
mixerSetControlDetails
timeGetTime
mixerGetNumDevs
mixerGetDevCapsW

user32

TranslateMessage
PostThreadMessageW
UnregisterClassA
DispatchMessageW
ReleaseDC
wsprintfW
SetParent
GetWindowRect
SetTimer
GetDC
RegisterWindowMessageW
PeekMessageW
UnregisterClassW
EnableWindow
KillTimer
IsWindowVisible
GetQueueStatus
wvsprintfW
MsgWaitForMultipleObjects

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57312a0bc92dc3e14a420b075938c1e2

Headers

File Characteristics

Imports

gdiplus

gdi32

kernel32

winmm

user32

Sections

.text Size: 110KB - Virtual size: 110KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 67KB - Virtual size: 67KB

.tls Size: 1024B - Virtual size: 112KB

.text
Size: 110KB - Virtual size: 110KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 67KB - Virtual size: 67KB

.tls
Size: 1024B - Virtual size: 112KB