04dd913ceb98e5bef81526b852fede31_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04dd913ceb98e5bef81526b852fede31_JaffaCakes118
Size

175KB
MD5

04dd913ceb98e5bef81526b852fede31
SHA1

b099c6a03741b6a94e4d6e18e520c91710aa126c
SHA256

baf855428a8e063afd568192e16c165e84493b0e7fbab25d2dfc76e21e726f7a
SHA512

676fd7b6d1758e194f095dc1035ea10bd86607187db297f6d097b3f267c2fc4d9a4708e103758752fb5fa696abfa6a0d46fc1de486de5abebc2b7fffd738d7ec
SSDEEP

3072:BWL3FeJdUI12UuG7ds7vzp1dtuiD4y3hsTFztgOTT54bBrnpKOHkM4h:BWL3F0dUO2UuGhsjuiD4y3OJ+kT5aBr4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04dd913ceb98e5bef81526b852fede31_JaffaCakes118

Files

04dd913ceb98e5bef81526b852fede31_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8da24270a05440fe6a52a838c11bab0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueW
RegCreateKeyW
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegEnumKeyExW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExA
RegDeleteKeyA

gdi32

GetObjectW
SelectObject
CreateDCW
GetObjectType
SetBkColor
DeleteObject
CreateBitmap
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SetBrushOrgEx
BitBlt
StretchBlt
CreateDIBSection
GetDIBits
SetStretchBltMode

ole32

CoCreateInstance
CoFreeUnusedLibraries
StringFromGUID2
CoUninitialize
CoInitialize

shlwapi

PathFileExistsA
PathAppendW
PathAddBackslashW
PathFileExistsW
PathIsDirectoryW
PathRemoveBackslashW
PathCombineW
PathRenameExtensionW
PathRemoveFileSpecW

kernel32

GetTempFileNameA
SetFilePointer
LoadLibraryW
CopyFileA
GetVersionExA
CreateDirectoryW
GetProcAddress
GetFileAttributesA
DeleteFileW
WaitForMultipleObjects
InitializeCriticalSection
FreeLibrary
GetTempFileNameW
FindNextFileW
GetSystemTime
ReadFile
DeleteCriticalSection
CloseHandle
CreateDirectoryA
RemoveDirectoryW
GetPriorityClass
FindClose
CreateMutexA
LocalFree
SetFileAttributesW
lstrlenW
EnumResourceTypesW
LeaveCriticalSection
lstrlenA
CreateFileA
InterlockedIncrement
ReleaseMutex
GetVersionExW
GetThreadLocale
GetModuleFileNameW
OutputDebugStringW
LocalAlloc
FindFirstFileW
GetTempPathA
Sleep
GetLocaleInfoA
ExitProcess
GetCurrentThreadId
MulDiv
QueryPerformanceCounter
GetTickCount
WideCharToMultiByte
GetLastError
SetFileAttributesA
EnterCriticalSection
GetCurrentProcessId
OutputDebugStringA
MultiByteToWideChar
GetACP
WriteFile
GetTempPathW
DeleteFileA
InterlockedExchange
WaitForSingleObject
GetModuleFileNameA
InterlockedDecrement
DisableThreadLibraryCalls
GetSystemTimeAsFileTime

avifil32

AVISaveOptions
AVIMakeCompressedStream

user32

TranslateMessage
GetClientRect
IsRectEmpty
GetDC
wsprintfW
SetRectEmpty
CopyRect
DispatchMessageW
ReleaseDC
FillRect
OffsetRect
PeekMessageW
GetWindowRect

winmm

timeGetTime

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8da24270a05440fe6a52a838c11bab0f

Headers

File Characteristics

Imports

advapi32

gdi32

ole32

shlwapi

kernel32

avifil32

user32

winmm

shell32

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 72KB - Virtual size: 71KB

.tls Size: 1024B - Virtual size: 380KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 72KB - Virtual size: 71KB

.tls
Size: 1024B - Virtual size: 380KB