17832eb38387c316670abd84f093f051_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17832eb38387c316670abd84f093f051_JaffaCakes118
Size

176KB
MD5

17832eb38387c316670abd84f093f051
SHA1

eb13a8dc24877aa5ff9eb22d953694c24216709f
SHA256

c5d8c29543f8aa4be142439a20c0ab11197f3bd08a4acbc715638d4ee442694f
SHA512

242d62245254e35877c891bfd3e8ccbd84f1dfce8b09e423b9f54ef539aa1d80d68e8f946f266a899fbceb90bce4d79f5588de7e0012ee7ce8477513fda8dbb7
SSDEEP

1536:pHo/wUN2XPrUGiyS6iUbxYaMnuYVHuBEfbfa3Ddd/XVWQ/sx8GuyqFxCvFv5x30x:64NPAGKve+FMaszlWQ/y8IFv5x3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17832eb38387c316670abd84f093f051_JaffaCakes118

Files

17832eb38387c316670abd84f093f051_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cb43b73bbf746a0148effd9bf7bd9973

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\GSoft\SBER\TetrisGame\Tetris.PDB

Imports

kernel32

lstrcmpiW
GlobalSize
lstrcpynW
HeapDestroy
LoadLibraryExW
LeaveCriticalSection
InitializeCriticalSection
GetCurrentProcess
lstrcmpiA
DisableThreadLibraryCalls
InterlockedDecrement
GetLastError
TlsAlloc
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
TerminateProcess
FreeLibrary
lstrcmpW
IsBadWritePtr
SizeofResource
GlobalFree
GetCurrentThreadId
SetLastError
GetCurrentProcessId
FindResourceA
GetTickCount
GlobalLock
WideCharToMultiByte
EnterCriticalSection
lstrlenA
FindResourceW
GetSystemTimeAsFileTime
QueryPerformanceCounter
lstrcmpA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GlobalReAlloc

user32

CharNextW
InvalidateRect
GetKeyState
LoadStringA
IsWindow
SetFocus
LoadStringW
SetRect
GetParent
GetWindowLongA
IsCharAlphaA
ReleaseDC
GetClientRect
LoadBitmapA
LoadCursorW
IsCharAlphaW
SetCursor
GetWindowLongW
IsCharAlphaNumericW
GetDC

gdi32

CreatePatternBrush
SelectObject
DeleteObject
SetWindowOrgEx
PatBlt

advapi32

RegOpenKeyExW
RegEnumKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyA
RegSetValueExA
RegQueryValueExW
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
OleRegGetUserType
GetHGlobalFromStream
CoTaskMemFree
CoCreateInstance
StringFromCLSID

ws2_32

WSAStartup
ioctlsocket

msvcrt

wcsncmp
wcsrchr
wcsncpy
wcscpy
realloc
iswupper
wcslen
memset
srand
time
wcschr
iswdigit
wcstok
wcsstr
memmove
wcspbrk
qsort
iswspace
free
wcscat
wcstoul

Exports

Exports

Pornograp1hy
deseEfgg

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb43b73bbf746a0148effd9bf7bd9973

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

ws2_32

msvcrt

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 120KB - Virtual size: 328KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 120KB - Virtual size: 328KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB