ce1701b4271e7deb79b0389cad837575_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ce1701b4271e7deb79b0389cad837575_JaffaCakes118
Size

242KB
MD5

ce1701b4271e7deb79b0389cad837575
SHA1

5ffb1d479701585025d26f260618340adc0677a4
SHA256

1ea779a0c96b391878bdb34d96d02b9d83c3ef8ec139cf81f1393682c25a4812
SHA512

a429abf38becfc427a70c60634614f8ab85f483ba26b0d4b130b100dd87ae08aff65eea3d7da394329d62b4c7055719651ee4ad84bb969ce49e88db2b39335d0
SSDEEP

3072:SxRnlDiTwxQJtJmUCS1U6So7YFChzrj5LPMtfrOjph6:SxRnmwxQJ6/6SMosD57srSh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce1701b4271e7deb79b0389cad837575_JaffaCakes118

Files

ce1701b4271e7deb79b0389cad837575_JaffaCakes118
.exe windows:6 windows x86 arch:x86

ac8b30237ee94cf34532075961dad7a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Ribbons.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyA

kernel32

LoadResource
HeapSetInformation
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetSystemInfo
GetVersionExA
IsProcessorFeaturePresent
GetProcAddress
OutputDebugStringA
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
LockResource
GetTickCount
SizeofResource
FindResourceW
GetModuleHandleW
MulDiv
GetCommandLineW
QueryPerformanceFrequency

user32

EndPaint
BeginPaint
SetCursor
UnionRect
SetWindowPos
SetTimer
KillTimer
DefWindowProcW
SystemParametersInfoW
PostMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
InvalidateRect
UpdateWindow
LoadCursorW
LoadIconW
RegisterClassW
LoadStringW
IntersectRect
OffsetRect
PeekMessageW
FillRect
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
ScreenToClient
DrawTextW
AdjustWindowRect
SetRect
MessageBoxW
SetRectEmpty
EnumDisplaySettingsW
GetClientRect
CreateWindowExW

msvcrt

_ftol2_sse
_ftol2
srand
memset
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
_controlfp
_unlock
__dllonexit
_lock
_CIsqrt
time
_onexit
_CIacos
_CIatan2
_CIsin
_finite
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
iswdigit
rand
qsort
_vsnwprintf
_wtol

comctl32

ord344
InitCommonControlsEx

ole32

CoInitializeEx
CoUninitialize

gdi32

SetBkColor
SetTextColor
SelectObject
DeleteObject
ExcludeClipRect
CreateFontW
GetDeviceCaps
GetStockObject

d3d9

Direct3DCreate9

winmm

timeGetTime

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

avibdpj
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ac8b30237ee94cf34532075961dad7a5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

comctl32

ole32

gdi32

d3d9

winmm

Sections

.text Size: 124KB - Virtual size: 124KB

.data Size: 33KB - Virtual size: 44KB

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 44KB - Virtual size: 45KB

avibdpj Size: - Virtual size: 4KB

.text
Size: 124KB - Virtual size: 124KB

.data
Size: 33KB - Virtual size: 44KB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 44KB - Virtual size: 45KB

avibdpj
Size: - Virtual size: 4KB