fcde2573147ee75d1442b8534288c8d0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fcde2573147ee75d1442b8534288c8d0_JaffaCakes118
Size

166KB
MD5

fcde2573147ee75d1442b8534288c8d0
SHA1

c0bc2e3e16dca2492b855e512710b2a99a9c56d8
SHA256

c01a525552751ab104497bf940699234b827b4f75cc2523a30cc723dd3708021
SHA512

ecc4c5e3291e2352b1f674529437208836ad3941d7330929a4986a86a2602c5990cec0ae6703b2a9ec7bc46dffac229d90203b364e84ce95bcca43221340a8d2
SSDEEP

3072:p4BewFI9bcBa/4phR9L8d+4Xd8XdgKpa0nf2:pL34gUfOd+4Xdiagf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcde2573147ee75d1442b8534288c8d0_JaffaCakes118

Files

fcde2573147ee75d1442b8534288c8d0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

734d4e5ae0ada450f9421e9eda8b53c2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
lstrlenA
Sleep
CreateDirectoryA
InterlockedIncrement
GetSystemTime
FindFirstFileW
InitializeCriticalSection
WaitNamedPipeA
CreateDirectoryW
CloseHandle
CopyFileA
GetCurrentProcessId
OutputDebugStringA
CreateMutexA
EnterCriticalSection
RemoveDirectoryW
ReleaseMutex
GetTempPathW
GetLastError
GetLocaleInfoA
GetThreadLocale
GetTempFileNameA
GetProcessAffinityMask
GetTempFileNameW
GetModuleFileNameW
DeleteFileA
lstrlenW
GetTickCount
FindNextFileW
OutputDebugStringW
FindClose
WideCharToMultiByte
GetProcAddress
FreeLibrary
SetFileAttributesA
EnumResourceTypesW
ReadFile
LoadLibraryW
SetFilePointer
LeaveCriticalSection
QueryPerformanceCounter
GetFileAttributesA
DeleteCriticalSection
DisableThreadLibraryCalls
TerminateProcess
LocalFree
InterlockedExchange
DeleteFileW
GetCurrentThreadId
WriteFile
GetVersionExA
GetVersionExW
GetModuleFileNameA
LocalAlloc
WaitForSingleObject
GetACP
MultiByteToWideChar
CreateFileA
MulDiv
SetFileAttributesW
InterlockedDecrement
GetSystemTimeAsFileTime

advapi32

RegOpenKeyExA
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegDeleteKeyW
RegCreateKeyExA
RegSetValueW
RegQueryValueExA
RegCreateKeyW
RegSetValueExW
RegDeleteKeyA

winmm

timeGetTime

gdi32

BitBlt
StretchBlt
GetObjectW
GetObjectType
CreateDCW
SelectObject
DeleteObject
CreateBitmap
DeleteDC
SetBrushOrgEx
CreateCompatibleBitmap
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
GetDIBits
SetBkColor
SetStretchBltMode

shlwapi

PathRenameExtensionW
PathAddBackslashW
PathCombineW
PathIsDirectoryW
PathRemoveBackslashW
PathFileExistsA
PathFileExistsW
PathAppendW
PathRemoveFileSpecW

user32

SetRectEmpty
DispatchMessageW
PeekMessageW
OffsetRect
IsRectEmpty
ReleaseDC
CopyRect
TranslateMessage
GetClientRect
FillRect
GetDC
wsprintfW
GetWindowRect

avifil32

AVISaveOptions
AVIMakeCompressedStream

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

734d4e5ae0ada450f9421e9eda8b53c2

Headers

File Characteristics

Imports

kernel32

advapi32

winmm

gdi32

shlwapi

user32

avifil32

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 62KB - Virtual size: 61KB

.tls Size: 1024B - Virtual size: 104KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 62KB - Virtual size: 61KB

.tls
Size: 1024B - Virtual size: 104KB