2d79f9956fab567094ea6ea8cd7ebea9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d79f9956fab567094ea6ea8cd7ebea9_JaffaCakes118
Size

5.7MB
MD5

2d79f9956fab567094ea6ea8cd7ebea9
SHA1

d77dac1b9fab70b65a6fce9ea23c40b9263c408a
SHA256

a864e035c549a4545e1f8d4da4d62c1969a2cfe33a2e2f1ebf19b33caa54dc25
SHA512

a88b614f3273d4ae3a07e1e74259df50f654da0e27a276edcb4a368e0423fee44c17986fbd1fc2b71cf02cac5f85d410a3273c86fbb373b32404509a87149142
SSDEEP

12288:91ImV2yh5O/tQxn1GGgKuX8Hqbp1ADFedWdZQrcuXB/CDW6:HImV2YOVC1GGgKuXyc11Wd2r96

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d79f9956fab567094ea6ea8cd7ebea9_JaffaCakes118

Files

2d79f9956fab567094ea6ea8cd7ebea9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df6099ee3c3ff0d2c4753d33ce499e4d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\Breakshot\Release\Breakshot.pdb

Imports

advapi32

RegQueryValueExA
RegOpenKeyA
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA

ddraw

DirectDrawCreate

dinput

DirectInputCreateA

gdi32

CreateDIBSection
SetTextColor
SetBkColor
SetTextAlign
SetMapMode
CreateFontW
CreateFontA
SelectObject
GetTextExtentPoint32W
GetTextExtentPoint32A
DeleteObject
DeleteDC
GetDeviceCaps
GetStockObject
CreateCompatibleDC

kernel32

InterlockedIncrement
MulDiv
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceA
GetNumberFormatA
QueryPerformanceCounter
QueryPerformanceFrequency
FindFirstFileA
MultiByteToWideChar
lstrlen
WideCharToMultiByte
LocalFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
SetFilePointer
GetFileType
GetStdHandle
Sleep
ReadFile
FlushFileBuffers
WriteFile
SetUnhandledExceptionFilter
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetCurrentProcess
TerminateProcess
HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RaiseException
ExitProcess
RtlUnwind
VirtualProtect
VirtualLock
OpenFile
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TerminateThread
CreateThread
SetThreadPriority
LoadLibraryA
GetProcAddress
FreeLibrary
GetEnvironmentVariableA
InterlockedDecrement
IsBadWritePtr
HeapSize
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
VirtualAlloc
GetStringTypeW
SetStdHandle
CreateFileA
GetSystemInfo
VirtualQuery
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetCurrentThreadId
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LockResource

msacm32

acmStreamSize
acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmStreamClose
acmFormatSuggest
acmStreamOpen

oleaut32

SysAllocString
SysFreeString
VariantClear

shell32

ShellExecuteA

user32

ReleaseDC
CharLowerBuffA
GetActiveWindow
GetAsyncKeyState
GetSystemMetrics
SetForegroundWindow
ShowWindow
FindWindowA
GetWindowLongA
SetWindowLongA
ShowCursor
ScreenToClient
GetCursorPos
ClipCursor
SetCursorPos
ClientToScreen
SystemParametersInfoA
GetClientRect
OffsetRect
GetMenu
AdjustWindowRectEx
SetRect
SendMessageA
wsprintfA
PostQuitMessage
DrawTextA
GetWindowRect
IsIconic
MapVirtualKeyA
UnregisterClassA
DestroyWindow
GetDesktopWindow
GetDC
DrawTextW
DispatchMessageA
PeekMessageA
TranslateMessage
GetMessageA
WaitMessage
MessageBoxA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
AdjustWindowRect
SetWindowPos
UpdateWindow
DefWindowProcA

winmm

waveOutGetDevCapsA
timeGetTime
waveOutGetNumDevs
waveOutOpen
waveInReset
waveInClose
waveInOpen
waveInStart
waveInGetNumDevs
waveInGetDevCapsA
waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveOutGetPosition
waveOutReset
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutClose

ole32

CLSIDFromString
CoUninitialize
CoCreateInstance
CoInitialize

Exports

Exports

?CalculateFontTextureWidthHeight@@YAXPBG0JHH_N1PAH2@Z
?CalculateMessageTextureWidthHeight@@YAXPBG0JHH_N1PAH2@Z
?ConvertToAnsi@@YAXPAGJPAD@Z
?ConvertToUnicode@@YA_NPBXJPAX@Z
?CreateFontTextureWithMap@@YAXPBG0JPAKHH_N2HHPAUtagRECT@@@Z
?CreateMessageTexture@@YAXPBG0JPAKHH_N2HHH@Z
?GetRequiredUnicodeSize@@YAJPBXJ@Z
?GetUnicodeLine@@YAPAGPBXJHPAJ@Z
?GetUnicodeLineLength@@YAJPBXJH@Z

Sections

.text
Size: 656KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4.1MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pfurk
Size: 12KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

df6099ee3c3ff0d2c4753d33ce499e4d

Headers

File Characteristics

PDB Paths

Imports

advapi32

ddraw

dinput

gdi32

kernel32

msacm32

oleaut32

shell32

user32

winmm

ole32

Exports

Exports

Sections

.text Size: 656KB - Virtual size: 660KB

.rdata Size: 75KB - Virtual size: 76KB

.data Size: 4.1MB - Virtual size: 4.9MB

.rsrc Size: 4KB - Virtual size: 4KB

.pfurk Size: 12KB - Virtual size: 42KB

.text
Size: 656KB - Virtual size: 660KB

.rdata
Size: 75KB - Virtual size: 76KB

.data
Size: 4.1MB - Virtual size: 4.9MB

.rsrc
Size: 4KB - Virtual size: 4KB

.pfurk
Size: 12KB - Virtual size: 42KB