df38175979affee28e03746a82ff8586_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df38175979affee28e03746a82ff8586_JaffaCakes118
Size

172KB
MD5

df38175979affee28e03746a82ff8586
SHA1

8d7238f2b9d74065f31240b6a272667bbed86d5c
SHA256

46574c42796036dcd7c8337d2197d022b1c0dd1a3e0a35cedf9d251f1954ba85
SHA512

de4146c5ef55c6e24510873c8ce95155a2c2e955ed1e47fc599d521a812513fc769518a6f953103c1f89dd6544352baf3419ae391620273194ca17ad9fec1250
SSDEEP

3072:fnJyaIZeHSLRhRr4868AxFNdpNP6ZQUfsxeid3DaT/1yQ1ksiTHgA:fnZSLRnw8AxJpNSHsxpTm/Zusq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df38175979affee28e03746a82ff8586_JaffaCakes118

Files

df38175979affee28e03746a82ff8586_JaffaCakes118
.exe windows:4 windows x86 arch:x86

51de8fa5dec19abd7472d460c4297b41

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVISaveOptions
AVIMakeCompressedStream

shlwapi

PathFileExistsW
PathFileExistsA
StrStrIW

kernel32

GetFileSize
CreateDirectoryA
DeleteFileA
WaitForMultipleObjectsEx
GetTickCount
GetCurrentProcessId
GetFileAttributesA
CreateFileW
GlobalLock
ReleaseMutex
CreateMutexA
SetFilePointer
GlobalFree
GetCurrentThreadId
MultiByteToWideChar
GetTempPathA
DeleteCriticalSection
CloseHandle
GetProcessId
DisableThreadLibraryCalls
EnumResourceTypesW
CopyFileA
InitializeCriticalSection
CreateFileA
GetVersionExA
GetModuleFileNameW
GetSystemTime
GetSystemTimeAsFileTime
WaitForSingleObject
GetTempFileNameA
Sleep
SetFileAttributesA
VirtualFree
QueryPerformanceCounter
GetLastError
GlobalUnlock
ExitProcess
WideCharToMultiByte
GetVolumeInformationA
DeviceIoControl
InterlockedIncrement
InterlockedDecrement
VirtualAlloc
lstrlenA
ReadFile
LocalAlloc
GetModuleFileNameA
LocalFree
FreeLibrary

gdi32

SelectObject
StretchBlt
PatBlt
CreateDCA
CreateDIBSection
CreateCompatibleDC
DeleteDC
BitBlt
CreateCompatibleBitmap
DeleteObject
GetObjectA
SetStretchBltMode
GetStockObject
SetDIBits

user32

GetClientRect
wsprintfA
EnableWindow
CopyRect
TranslateMessage
EqualRect
PeekMessageA
InflateRect
RegisterClassA
ReleaseDC
IsWindow
FillRect
GetDesktopWindow
DispatchMessageA
SetRect
PostMessageA
InvalidateRect
AttachThreadInput
SetParent
GetDC
BringWindowToTop
DefWindowProcA
SendMessageA
UnregisterClassA

advapi32

RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyA
RegSetValueA
RegCloseKey
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

ole32

CreateItemMoniker
StgOpenStorage
CoFreeUnusedLibraries
GetRunningObjectTable
StgCreateDocfile
CoTaskMemAlloc
CoInitialize
CoSetProxyBlanket
StringFromGUID2
CoUninitialize
CoCreateInstance
CoTaskMemFree

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51de8fa5dec19abd7472d460c4297b41

Headers

File Characteristics

Imports

avifil32

shlwapi

kernel32

gdi32

user32

advapi32

shell32

ole32

Sections

.text Size: 101KB - Virtual size: 101KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 65KB - Virtual size: 64KB

.tls Size: 1024B - Virtual size: 252KB

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 65KB - Virtual size: 64KB

.tls
Size: 1024B - Virtual size: 252KB