27ba3a59f6edc09f60fd365c3d5265f4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27ba3a59f6edc09f60fd365c3d5265f4_JaffaCakes118
Size

172KB
MD5

27ba3a59f6edc09f60fd365c3d5265f4
SHA1

3848ac9b14444b36f8ec347c6f24c315fb2ed24b
SHA256

7307e890c040bedace8cb93b529c0da01f8acc773d561b6624c7d064f5f010e5
SHA512

2c5197aad398673a74ebcbfa2411980cfc5238ea661d6741f678b1e59f71519b35edf36272aeb172bc567c4f5ffe761f22d50a8d2ea284b4206c5a4029c33a64
SSDEEP

3072:zBhdTXxD8MrChHyynhQicxFZ9j9sw4teoDcaQQQ8zX3pJWIdt42IJesV:XxxD8QCo8q7Z9j9sw4tess8T585N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27ba3a59f6edc09f60fd365c3d5265f4_JaffaCakes118

Files

27ba3a59f6edc09f60fd365c3d5265f4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3e2bbc9388c1d49a2cb45dd6791946f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

BitBlt
GetDIBits
CreateDIBSection
DeleteDC
DeleteObject
StretchBlt
GetObjectW
CreateBitmap
SetBrushOrgEx
CreateDCW
CreateCompatibleBitmap
CreateSolidBrush
GetObjectType
SetBkColor
SelectObject
CreateCompatibleDC
SetStretchBltMode

kernel32

DeleteFileA
OutputDebugStringA
CreateDirectoryW
WaitNamedPipeA
GetModuleFileNameW
SetFileAttributesW
CloseHandle
EnterCriticalSection
DisableThreadLibraryCalls
GetVersionExA
GetTempFileNameW
InterlockedExchange
GetLastError
FindClose
Sleep
GetTempPathW
CopyFileA
SetFileAttributesA
ReadFile
CreateDirectoryA
OutputDebugStringW
GetLocaleInfoA
GetProcessAffinityMask
LocalFree
InterlockedDecrement
LeaveCriticalSection
DeleteFileW
InitializeCriticalSection
CreateMutexA
WideCharToMultiByte
FindFirstFileW
LocalAlloc
EnumResourceTypesW
SetFilePointer
GetACP
QueryPerformanceCounter
ReleaseMutex
WriteFile
GetTempFileNameA
DeleteCriticalSection
MulDiv
GetFileAttributesA
GetCurrentProcessId
GetModuleFileNameA
CreateFileA
TerminateProcess
FindNextFileW
LoadLibraryW
GetProcAddress
MultiByteToWideChar
lstrlenW
lstrlenA
GetTickCount
GetCurrentThreadId
GetVersionExW
GetTempPathA
InterlockedIncrement
WaitForSingleObject
RemoveDirectoryW
FreeLibrary
GetSystemTime
GetThreadLocale
GetSystemTimeAsFileTime

advapi32

RegSetValueExA
RegSetValueW
RegCreateKeyExA
RegSetValueExW
RegOpenKeyExA
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyW
RegDeleteKeyW
RegQueryValueExA
RegDeleteKeyA

winmm

timeGetTime

avifil32

AVISaveOptions
AVIMakeCompressedStream

user32

GetClientRect
DispatchMessageW
PeekMessageW
ReleaseDC
TranslateMessage
FillRect
OffsetRect
GetDC
CopyRect
SetRectEmpty
wsprintfW
IsRectEmpty
GetWindowRect

shlwapi

PathIsDirectoryW
PathRenameExtensionW
PathFileExistsA
PathCombineW
PathAddBackslashW
PathRemoveBackslashW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e2bbc9388c1d49a2cb45dd6791946f5

Headers

File Characteristics

Imports

gdi32

kernel32

advapi32

winmm

avifil32

user32

shlwapi

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 66KB - Virtual size: 66KB

.tls Size: 1024B - Virtual size: 256KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 66KB - Virtual size: 66KB

.tls
Size: 1024B - Virtual size: 256KB