0e173b49d4f382e2a668fad4bd8330a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e173b49d4f382e2a668fad4bd8330a9_JaffaCakes118
Size

732KB
MD5

0e173b49d4f382e2a668fad4bd8330a9
SHA1

900e32550fb52ea1f1d2fa8f232215aecb2b021f
SHA256

def64e29294096e2d1294c41f325867d2219ea9b8bd9f13646140af1f54ca7f0
SHA512

83d3aa513945a1ba15f1186ff422b6970531f677323f098499556d0840653beb20cd3e8f74fdda5496f6584883b29453d2c8803cd6c5f0d7256c2b2e136ebc00
SSDEEP

12288:/YvDL7V50ksoxyjE1b+ysISCq7LwRd28PjpimL:/YvDnV50wxyjXysTCq7LwRswjEmL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e173b49d4f382e2a668fad4bd8330a9_JaffaCakes118

Files

0e173b49d4f382e2a668fad4bd8330a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29d649bf8544e76d2f719c67f6f7b73e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
GlobalAlloc
MulDiv
SetUnhandledExceptionFilter
GetCurrentProcess
GetProcAddress
LoadLibraryA
FreeLibrary
IsBadWritePtr
GetLastError
VirtualQuery
GetVersionExA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
IsBadReadPtr
GlobalUnlock
GetFullPathNameA
GetDriveTypeA
RaiseException
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
CreateFileA
HeapSize
TlsAlloc
SetLastError
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers
SetEndOfFile
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
MultiByteToWideChar
CreateDirectoryA
OutputDebugStringA
GetCurrentThread
SetThreadPriority
GetWindowsDirectoryA
Sleep
GetModuleFileNameA
GetCurrentThreadId
GetFileAttributesA
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
WinExec
GetCurrentDirectoryA
GetTickCount

user32

LoadIconA
CloseClipboard
SetClipboardData
OpenClipboard
GetClipboardData
OffsetRect
ReleaseDC
GetDC
DrawTextExA
PostQuitMessage
GetMessageA
SendMessageA
GetSysColor
SetCursor
SetForegroundWindow
RegisterClassA
CreateWindowExA
DispatchMessageA
GetCursorPos
WindowFromPoint
SetCapture
ReleaseCapture
GetWindowLongA
BeginPaint
EndPaint
DefWindowProcA
GetWindowPlacement
CloseWindow
ShowWindow
DestroyWindow
GetWindowRect
AdjustWindowRect
PeekMessageA
ClipCursor
ClientToScreen
GetClientRect
TranslateMessage
SetTimer
LoadCursorA
MessageBoxA
ShowCursor
SetCursorPos
SetWindowLongA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

gdi32

GetTextMetricsA
GetObjectA
SelectObject
DeleteObject
CreateFontA
GetDeviceCaps
CreateFontIndirectA
TextOutA
SetTextColor
IntersectClipRect
SetBkMode
CreateSolidBrush

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString

winmm

mixerSetControlDetails
mixerGetDevCapsA
timeBeginPeriod
timeEndPeriod
mixerGetLineInfoA
mixerGetLineControlsA
mixerOpen
mixerClose
mixerGetControlDetailsA
timeGetTime

ddraw

DirectDrawCreate

wsock32

gethostbyname
ioctlsocket
socket
WSAStartup
closesocket
shutdown
htons
WSACleanup
connect
WSAGetLastError
send
recv

dsound

ord1

fmod

_FMUSIC_StopSong@4
_FMUSIC_SetMasterVolume@8
_FSOUND_Init@12
_FSOUND_SetHWND@4
_FSOUND_Close@0
_FSOUND_Sample_Unlock@20
_FSOUND_Sample_Lock@28
_FSOUND_Sample_Free@4
_FSOUND_Sample_GetLength@4
_FSOUND_Sample_GetDefaults@20
_FSOUND_Sample_GetMode@4
_FSOUND_Sample_Load@16
_FMUSIC_PlaySong@4
_FMUSIC_SetOrder@8
_FMUSIC_IsPlaying@4
_FMUSIC_LoadSong@4

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Sections

.text
Size: 580KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

29d649bf8544e76d2f719c67f6f7b73e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

shell32

ole32

oleaut32

winmm

ddraw

wsock32

dsound

fmod

version

Sections

.text Size: 580KB - Virtual size: 577KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 56KB - Virtual size: 67KB

.rsrc Size: 44KB - Virtual size: 41KB

.text
Size: 580KB - Virtual size: 577KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 56KB - Virtual size: 67KB

.rsrc
Size: 44KB - Virtual size: 41KB