1044d174573b4ae89e30aa5a7c59bfb3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1044d174573b4ae89e30aa5a7c59bfb3_JaffaCakes118
Size

133KB
MD5

1044d174573b4ae89e30aa5a7c59bfb3
SHA1

1c20342a043b7e7713ae6f55c61513b8a224bc8d
SHA256

c9eb6cd6c86b6c0ea318d72c8dd92232235d8cbe227cdd9020affcd5a52038a6
SHA512

ac8fe21a54802fae3fadc8e75eb638423a9df3c581365d48575a4f439c1b2c94f331c3fc31f6466fdb4931db8a962a372004c951ec129673016e0df0fe18ab66
SSDEEP

3072:C7zg3uDD5rZY7V1ByFFRHdZm2KlaFaoGLQBFKi+Xj6WatKEb9r:CI3uDD5ra7nSnHdZm2LFOE4i+z6WtE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1044d174573b4ae89e30aa5a7c59bfb3_JaffaCakes118

Files

1044d174573b4ae89e30aa5a7c59bfb3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6755d5e1450958f378ea72a223042984

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessTimes
GetQueuedCompletionStatus
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
Heap32ListNext
HeapAlloc
InitializeCriticalSection
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDebuggerPresent
FormatMessageA
LoadLibraryA
OpenFile
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
ReleaseSemaphore
ResetWriteWatch
SetInformationJobObject
SetThreadPriority
SetUnhandledExceptionFilter
SignalObjectAndWait
Sleep
TerminateProcess
TerminateThread
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
WriteFileGather
FlushConsoleInputBuffer
ExitProcess
EnterCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
CreateThread
CreateSemaphoreA
CreateMutexA
CreateIoCompletionPort
CreateEventA
CloseHandle
LeaveCriticalSection
CancelIo

dsound

ord2
ord1
ord6
ord9

ole32

CoInitialize
CoUninitialize

shell32

SHGetDiskFreeSpaceExA
SHBindToParent
SHAppBarMessage
RealShellExecuteW

advapi32

InitializeSecurityDescriptor
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
ImpersonateLoggedOnUser

dinput

DirectInputCreateA

Exports

Exports

CreateDataObject
OpenFileStream
SetIndexRange
SwapMultiple
TextureStatus

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6755d5e1450958f378ea72a223042984

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

dsound

ole32

shell32

advapi32

dinput

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 5KB