367eb6eb0f4b2c4b1f21e3708f7bc961_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

367eb6eb0f4b2c4b1f21e3708f7bc961_JaffaCakes118
Size

172KB
MD5

367eb6eb0f4b2c4b1f21e3708f7bc961
SHA1

58bdb4284c142bf5ac33431282a741531aa0d2a8
SHA256

e73c1bd2da341299b94deaed28069987539757bcd72934eae0a740fae239b5ec
SHA512

0e645b5ad150ac00a7734763c6eb3c9ac508e2fcb2c74a8d9a62803ffda345dede24bf9bc508f3ed09cc473d752458b8f8ca9c85e3c60d1bde8b0c216876a46e
SSDEEP

3072:vXyk0Uf6GNDeu+gY90RCGxNNUOU4s8tlvlCF2RKOoP0SmP/9MyrA9w95Wq4n:aKxd5Oa3zhs8tlvlzRihs/9F5Wq4n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
367eb6eb0f4b2c4b1f21e3708f7bc961_JaffaCakes118

Files

367eb6eb0f4b2c4b1f21e3708f7bc961_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aa51cc599ad8250d333bae0b6543ca36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

StretchBlt
CreateCompatibleDC
CreateDIBSection
SelectObject
GetDIBits
BitBlt
SetBrushOrgEx
DeleteObject
SetBkColor
GetObjectW
GetObjectType
CreateDCW
DeleteDC
CreateBitmap
CreateCompatibleBitmap
CreateSolidBrush
SetStretchBltMode

kernel32

WaitForMultipleObjects
OutputDebugStringA
QueryPerformanceCounter
InterlockedIncrement
SetFileAttributesW
WideCharToMultiByte
DeleteCriticalSection
LoadLibraryW
OutputDebugStringW
GetLocaleInfoA
GetModuleFileNameA
MulDiv
DisableThreadLibraryCalls
GetProcessPriorityBoost
GetTempFileNameA
CreateMutexA
GetCurrentThreadId
MultiByteToWideChar
CloseHandle
GetTickCount
GetTempPathW
LeaveCriticalSection
GetCurrentProcessId
LocalAlloc
WaitForSingleObject
lstrlenA
GetTempPathA
InitializeCriticalSection
GetACP
CreateDirectoryW
FindFirstFileW
GetThreadLocale
CreateDirectoryA
GetLastError
FindClose
DeleteFileA
EnumResourceTypesW
DeleteFileW
GetSystemTime
SetFileAttributesA
GetVersionExW
InterlockedDecrement
LocalFree
GetVersionExA
GetProcAddress
WriteFile
ExitProcess
Sleep
GetFileAttributesA
CopyFileA
RemoveDirectoryW
FindNextFileW
InterlockedExchange
lstrlenW
SetFilePointer
ReleaseMutex
ReadFile
CreateFileA
GetModuleFileNameW
GetTempFileNameW
EnterCriticalSection
FreeLibrary
GetSystemTimeAsFileTime

advapi32

RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegEnumKeyExW
RegCreateKeyW
RegCloseKey
RegSetValueW
RegDeleteKeyA

shlwapi

PathRenameExtensionW
PathRemoveBackslashW
PathFileExistsW
PathCombineW
PathAppendW
PathIsDirectoryW
PathAddBackslashW
PathFileExistsA
PathRemoveFileSpecW

user32

PeekMessageW
GetClientRect
ReleaseDC
SetRectEmpty
wsprintfW
GetDC
CopyRect
TranslateMessage
DispatchMessageW
FillRect
OffsetRect
IsRectEmpty
GetWindowRect

winmm

timeGetTime

ole32

StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize

avifil32

AVISaveOptions
AVIMakeCompressedStream

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa51cc599ad8250d333bae0b6543ca36

Headers

File Characteristics

Imports

gdi32

kernel32

advapi32

shlwapi

user32

winmm

ole32

avifil32

shell32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 66KB - Virtual size: 66KB

.tls Size: 1024B - Virtual size: 256KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 66KB - Virtual size: 66KB

.tls
Size: 1024B - Virtual size: 256KB