111e273838eddc11db4b7f7980892044_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

111e273838eddc11db4b7f7980892044_JaffaCakes118
Size

237KB
MD5

111e273838eddc11db4b7f7980892044
SHA1

439fef55359fab169ae3d9164b0de6cac2e3c1bf
SHA256

0a1eb3c372b6fc33595064dac0191fec52b174ac1d48917f6ce0434f28c1bf04
SHA512

edf40d498367b12f391154780e70d5e28b17e746aa6d027c429e7c418be562125e10a215780a575bafb26b9c1e2478df3b93061b3fc7d8f4d4f088e08481b24f
SSDEEP

6144:QBP+dFT443XbOxy1u2xCTeWHVj9pVyPe3+Kc4/60:QwFTTXbSy1nCTeWHB9HyWuBY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
111e273838eddc11db4b7f7980892044_JaffaCakes118

Files

111e273838eddc11db4b7f7980892044_JaffaCakes118
.exe windows:6 windows x86 arch:x86

97a4af8a64dc024e522eab3056743b93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetPriorityClass
GetCurrentProcess
GetLastError
GetTimeFormatW
GetLocalTime
GetUserDefaultLCID
CloseHandle
EraseTape
VerifyVersionInfoW
DeleteCriticalSection
GetDateFormatW
HeapFree
ExpandEnvironmentStringsW
GetTapePosition
MultiByteToWideChar
WideCharToMultiByte
FindFirstVolumeMountPointW
SetUnhandledExceptionFilter
GetVolumeNameForVolumeMountPointW
GetVersionExA
SetFileAttributesW
GetCurrentDirectoryW
TerminateProcess
LeaveCriticalSection
HeapAlloc
FindFirstFileW
GetTapeParameters
GetWindowsDirectoryW
FindNextFileW
SetPriorityClass
LocalFileTimeToFileTime
GetTickCount
CreateDirectoryW
InitializeCriticalSection
LocalAlloc
SetFileShortNameW
BackupSeek
SystemTimeToFileTime
WriteFile
VirtualFree
FileTimeToLocalFileTime
GetModuleFileNameW
GetFileAttributesW
FindVolumeMountPointClose
CreateSemaphoreW
FindClose
VirtualAlloc
ReadFile
DeviceIoControl
GetCurrentThreadId
GetFileInformationByHandle
GetNumberFormatW
GetVolumeInformationW
SetEvent
FindNextVolumeMountPointW
Sleep
BackupRead
LocalFree
ReleaseSemaphore
CreateEventW
SetTapeParameters
SetLastError
EnterCriticalSection
CreateFileW

winmm

mixerGetControlDetailsA
wod32Message
midiOutLongMsg
midiOutGetDevCapsW
auxGetVolume
OpenDriver
mmioStringToFOURCCA
midiStreamRestart
midiStreamPosition
waveOutGetErrorTextA
mmTaskSignal
mixerGetNumDevs
waveInGetDevCapsW
joyGetPosEx
mmioOpenA
mciDriverYield
auxSetVolume
mciGetErrorStringW
midiOutPrepareHeader
midiStreamPause
mixerGetLineControlsW
midiInPrepareHeader
mmioGetInfo
mciDriverNotify
mciGetErrorStringA
midiOutGetErrorTextW
WOW32ResolveMultiMediaHandle
mciGetYieldProc
midiStreamOut
mciFreeCommandResource
mciSendStringW
timeGetTime
midiOutGetVolume
midiOutGetDevCapsA
timeSetEvent
DrvGetModuleHandle
midiStreamStop
DefDriverProc
mmDrvInstall
midiDisconnect
waveInStop
waveOutGetErrorTextW
mixerSetControlDetails
mmioSeek
mciGetDeviceIDFromElementIDW
midiInGetErrorTextW
midiInGetDevCapsW
mmioCreateChunk
mixerOpen
mciGetDeviceIDFromElementIDA
auxGetDevCapsA
mixerGetLineControlsA
midiInGetID
mixerGetLineInfoA
mixerMessage
waveOutReset
midiOutOpen
NotifyCallbackData
mid32Message
mmioRenameW
sndPlaySoundW
mmTaskBlock
mmTaskCreate
midiInStart
waveOutGetNumDevs
midiInStop
WOWAppExit
mciLoadCommandResource
timeBeginPeriod
waveOutClose
waveInGetErrorTextW
mxd32Message
waveOutSetPitch
waveInOpen
mciSetYieldProc
midiOutGetNumDevs
midiInGetDevCapsA
mciExecute
PlaySound
mmioWrite
mciSetDriverData
waveOutGetVolume
waveInClose
joySetCapture
auxGetNumDevs
WOW32DriverCallback
midiOutClose
waveOutPause
waveInGetID
waveOutGetPitch
waveInGetErrorTextA

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97a4af8a64dc024e522eab3056743b93

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winmm

Sections

.text Size: 180KB - Virtual size: 180KB

.data Size: 50KB - Virtual size: 49KB

.rsrc Size: 5KB - Virtual size: 552KB

.text
Size: 180KB - Virtual size: 180KB

.data
Size: 50KB - Virtual size: 49KB

.rsrc
Size: 5KB - Virtual size: 552KB