06d74f2c045ef6608b92643a55a0bf9d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06d74f2c045ef6608b92643a55a0bf9d_JaffaCakes118
Size

175KB
MD5

06d74f2c045ef6608b92643a55a0bf9d
SHA1

9985e258168c4f3734b4a8324a029d4223f9cb48
SHA256

ac3df2e51b444aa5f9a82da58d4489f8cbcec896b83b73948cd06504edbec91b
SHA512

2c17cef416d78c1a950c610899c72b1b09d34c3593ba5f3b168b6ff31802c53b12d1c5c17073987c9217ad5e121f21f2ac8e15f988a17d2596e2b95a1e35d2e0
SSDEEP

3072:LQ8XgAS3SKCbPPEaFjb9XY8A+PqA8AXO1Ko2qoDDNIT8M+/XM0/K1l3:LQ8XVEmHu89dKso2rJwcXZK1N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06d74f2c045ef6608b92643a55a0bf9d_JaffaCakes118

Files

06d74f2c045ef6608b92643a55a0bf9d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

73cb943dbfa1a25d4a8c46eda3a2c1df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

avifil32

AVISaveOptions
AVIMakeCompressedStream

user32

DispatchMessageW
FillRect
SetRectEmpty
GetDC
OffsetRect
IsRectEmpty
ReleaseDC
GetClientRect
PeekMessageW
CopyRect
wsprintfW
TranslateMessage
GetWindowRect

kernel32

FreeLibrary
ReadFile
GetThreadLocale
DeleteCriticalSection
GetACP
SetFileAttributesA
DisableThreadLibraryCalls
WaitNamedPipeA
DeleteFileW
lstrlenW
GetModuleFileNameW
FindClose
InitializeCriticalSection
CloseHandle
GetTickCount
MulDiv
OutputDebugStringA
GetVersionExA
LocalFree
EnterCriticalSection
GetProcessAffinityMask
QueryPerformanceCounter
InterlockedIncrement
InterlockedDecrement
CreateDirectoryA
GetSystemTime
lstrlenA
EnumResourceTypesW
GetModuleFileNameA
GetTempPathA
FindNextFileW
LoadLibraryW
ReleaseMutex
SetFileAttributesW
TerminateProcess
GetProcAddress
Sleep
GetVersionExW
GetLocaleInfoA
GetCurrentThreadId
GetTempFileNameA
CopyFileA
WaitForSingleObject
DeleteFileA
GetLastError
GetFileAttributesA
LocalAlloc
WriteFile
CreateMutexA
FindFirstFileW
CreateDirectoryW
SetFilePointer
CreateFileA
MultiByteToWideChar
InterlockedExchange
LeaveCriticalSection
OutputDebugStringW
RemoveDirectoryW
GetTempPathW
GetCurrentProcessId
WideCharToMultiByte
GetTempFileNameW
GetSystemTimeAsFileTime

shlwapi

PathRemoveBackslashW
PathAppendW
PathFileExistsW
PathRenameExtensionW
PathCombineW
PathIsDirectoryW
PathFileExistsA
PathAddBackslashW
PathRemoveFileSpecW

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73cb943dbfa1a25d4a8c46eda3a2c1df

Headers

File Characteristics

Imports

winmm

avifil32

user32

kernel32

shlwapi

Sections

.text Size: 98KB - Virtual size: 97KB

.rdata Size: 2KB - Virtual size: 2KB

.bss Size: 73KB - Virtual size: 72KB

.tls Size: 1024B - Virtual size: 248KB

.text
Size: 98KB - Virtual size: 97KB

.rdata
Size: 2KB - Virtual size: 2KB

.bss
Size: 73KB - Virtual size: 72KB

.tls
Size: 1024B - Virtual size: 248KB