d42165515684a8748f7a86d26d911883_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d42165515684a8748f7a86d26d911883_JaffaCakes118
Size

6.1MB
MD5

d42165515684a8748f7a86d26d911883
SHA1

d139b6f5f3e723be8092bede1b291edc4a694a2f
SHA256

202e4994bc0daa4879a677722176510a06a73ebaa35735f758531e6a4e463073
SHA512

b38298c672e5ce79960f401348b6b8b06862c7729cb8cabd3a32e4bf1fea78ce274763faf204d895684d33842b40ae5f26c834dcf6a9094dfedfb979a9490a21
SSDEEP

49152:Ma2G0S0HCes+Ixmhshq9I2Lk7/EbH5Snk0jsBXre0nqHXW1Iv3DWqQWC9P1p1OC9:12hNC+IYh2ybH5SHjsxx4Wn9Zf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d42165515684a8748f7a86d26d911883_JaffaCakes118

Files

d42165515684a8748f7a86d26d911883_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e70b7074f5875fb615572e661a61fded

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MulDiv
OpenEventA
SetCurrentDirectoryW
GetModuleFileNameW
MultiByteToWideChar
GetSystemTimeAsFileTime
LoadLibraryW
GetLastError
GetModuleHandleA
ReadFile
GetTickCount
CloseHandle
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedExchange
GetFileSize
GetCurrentProcessId
MoveFileA
FreeLibrary
GetTempPathA
RegisterWaitForSingleObjectEx
UnregisterWait
CreateFileA
CreateProcessA
DeleteFileA
RaiseException
WaitForSingleObject
SetFileAttributesA
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchangeAdd
InterlockedDecrement
InterlockedIncrement
GetCurrentDirectoryA
CreateDirectoryA
DebugBreak
GetProcAddress
LoadLibraryA
InterlockedCompareExchange
Sleep
GetCommandLineA
ExpandEnvironmentStringsA
GetFileAttributesA
CreateMutexA

user32

PeekMessageA
TranslateMessage
DispatchMessageA
LoadIconA
RegisterClassA
ShowCursor
LoadCursorA
SetCursor
DefWindowProcA
SystemParametersInfoA
GetFocus
GetForegroundWindow
DrawTextExA
InvertRect
FrameRect
DrawIconEx
FillRect
LoadImageA
SendMessageA
GetAsyncKeyState
GetSystemMetrics
MessageBoxA
GetDesktopWindow
UnregisterClassA

gdi32

GdiFlush
SetMapMode
SetBkMode
TextOutA
MoveToEx
LineTo
SetPixel
GetStockObject
SetTextColor
SetBkColor
CreateRectRgn
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetObjectA
DeleteObject
CreatePen
CreateFontIndirectA
CreateDIBSection

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA

msvcr80

_crt_debugger_hook
_ltoa
_ultoa
_strlwr
_strnicmp
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
strstr
memset
strncpy
memmove
_purecall
_vscprintf
_vsnprintf
vsprintf
memcpy
exit
puts
_stricmp
strchr
sprintf
sscanf
strpbrk
strrchr
isupper
islower
abort
_set_purecall_handler
_beginthread
_except_handler3
atoi
_exit
_i64toa
_ui64toa
fclose
fwrite
fopen
fread
ftell
fseek
_snprintf
_CIasin
fprintf
fscanf
feof
strcpy_s
tolower
_CIacos
rand
_isnan
strtok
toupper
strcspn
strspn
_CIfmod
strncmp
fflush
fputs
_CIpow
floor
_localtime64
_time64
strtol
_errno
strtod
atof
mbtowc
asctime
strftime
_makepath
_splitpath
isspace
fgets
wcsstr
ceil
_snwprintf
_vswprintf_c_l
wcschr
_mbscmp
_mbsnbcpy
_vscwprintf
_vsnwprintf
isdigit
wctomb
__iob_func
_wassert
free
malloc
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_itoa

shlwapi

StrStrIW
PathRemoveFileSpecW

intellaptopgaming

?IsWirelessAdapterEnabled@IntelLaptopGamingTDKInterface@@QAE_NXZ
?IsWirelessAdapterConnected@IntelLaptopGamingTDKInterface@@QAE_NXZ
?GetSecBatteryLifeTimeRemaining@IntelLaptopGamingTDKInterface@@QAEKXZ
?GetPercentBatteryLife@IntelLaptopGamingTDKInterface@@QAEHXZ
?GetPowerSrc@IntelLaptopGamingTDKInterface@@QAE?AW4PowerSource@@XZ
?GetTDKInterface@IntelLaptopGamingTDKInterface@@SAPAV1@XZ
?IsLaptop@IntelLaptopGamingTDKInterface@@QAE_NXZ
?Get80211SignalStrength@IntelLaptopGamingTDKInterface@@QAEHXZ

Exports

Exports

??4IntelLaptopGamingTDKInterface@@QAEAAV0@ABV0@@Z
CreateEditorGame
CreateGame
CreateGameFramework
CreateGameStartup
CryModuleGetMemoryInfo

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 472KB - Virtual size: 469KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 144KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 600KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rld
Size: 316KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e70b7074f5875fb615572e661a61fded

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcr80

shlwapi

intellaptopgaming

Exports

Exports

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 472KB - Virtual size: 469KB

.data Size: 144KB - Virtual size: 514KB

.tls Size: 4KB - Virtual size: 4B

.rsrc Size: 600KB - Virtual size: 596KB

.rld Size: 316KB - Virtual size: 314KB

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 472KB - Virtual size: 469KB

.data
Size: 144KB - Virtual size: 514KB

.tls
Size: 4KB - Virtual size: 4B

.rsrc
Size: 600KB - Virtual size: 596KB

.rld
Size: 316KB - Virtual size: 314KB