3b3333af248a2d4f75957eae0fc6693e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b3333af248a2d4f75957eae0fc6693e_JaffaCakes118
Size

1.7MB
MD5

3b3333af248a2d4f75957eae0fc6693e
SHA1

5d4fabfe22ec87319e5c87487c75b597268fe140
SHA256

a239bec92913b48938847be14667fba57cfa968db97ea47698616f2cab2c24e7
SHA512

cb758d59f42a2e002212b990bd906645ac3798f32b8213209daffd6e63a7f5d90080c77de92c7d6e58e4775dac33bfa163073ce02b6fbb65d7dac133953315f0
SSDEEP

24576:bwYsTNufYv6QHs55AR99atsqTOuEjIQB492+na3pA+5Du0gq8A:scwCiJqOTI2bOfA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b3333af248a2d4f75957eae0fc6693e_JaffaCakes118

Files

3b3333af248a2d4f75957eae0fc6693e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

67df12a9dfc6267c9a0e7e84d87f8971

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegFlushKey
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ddraw

DirectDrawCreate
DirectDrawEnumerateA

dinput

DirectInputCreateA

dsound

DirectSoundCaptureCreate
DirectSoundCreate

gdi32

GetStockObject
GetDeviceCaps

kernel32

ResumeThread
WaitForMultipleObjectsEx
GetCurrentThread
GetCurrentProcess
CreateEventW
GetStringTypeA
RtlUnwind
HeapCreate
HeapDestroy
TlsGetValue
TlsAlloc
TlsSetValue
GetFileType
GetStdHandle
SetHandleCount
CloseProfileUserMapping
GetEnvironmentStrings
WideCharToMultiByte
AddAtomW
FreeEnvironmentStringsA
UnhandledExceptionFilter
MultiByteToWideChar
CreateDirectoryA
InterlockedIncrement
InterlockedDecrement
TerminateProcess
HeapFree
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapAlloc
GetModuleFileNameA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
GetVersion
GetCommandLineA
GetStartupInfoA
Sleep
GetCommState
SetCommState
GetOverlappedResult
PurgeComm
SetCommTimeouts
GetCommModemStatus
EscapeCommFunction
SetEndOfFile
UnmapViewOfFile
RaiseException
BackupSeek
CompareStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetEnvironmentVariableA
BeginUpdateResourceA
HeapSize
BackupSeek
LCMapStringA
VirtualProtect
GetDriveTypeA
SetFileAttributesA
GetDiskFreeSpaceA
GetProfileIntA
FreeLibrary
LoadLibraryA
GetCurrentThreadId
GetSystemDefaultLangID
GetLastError
CreateMutexA
GetTickCount
VirtualAlloc
VirtualFree
FindFirstFileA
FindNextFileA
FindClose
DuplicateHandle
SetFilePointer
QueryPerformanceCounter
SleepEx
HeapReAlloc
CreateThread
CloseHandle
TerminateThread
GetThreadPriority
SetThreadPriority
ExitThread
CreateEventA
SetEvent
GetCommProperties
ResetEvent
PulseEvent
SetLastError
GetModuleHandleA
DisableThreadLibraryCalls
GetProcAddress
ExitProcess
GlobalMemoryStatus
QueryPerformanceFrequency
GetLogicalDrives
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentDirectoryA
OutputDebugStringA
GetSystemInfo
GetVolumeInformationA
GetFullPathNameA
MapViewOfFile
GetLogicalDriveStringsA
SetCurrentDirectoryA
DeleteFileA
ReadFile
CreateFileMappingA
GetFileSize
CreateFileA
WriteFile

user32

GetWindowDC
GetForegroundWindow
CharUpperA
PostThreadMessageA
wsprintfA
AdjustWindowRect
GetKeyState
keybd_event
GetKeyboardType
GetWindowLongA
SetWindowPos
UnregisterClassA
AdjustWindowRectEx
CreateWindowExA
SetActiveWindow
DestroyWindow
GetMessageA
TranslateMessage
DispatchMessageA
IsIconic
BeginPaint
EndPaint
GetClientRect
PostQuitMessage
GetAsyncKeyState
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
LoadIconA
LoadCursorA
RegisterClassA
SystemParametersInfoA
DefWindowProcA
ClientToScreen
SetCursorPos
SendNotifyMessageA
PostMessageA
FindWindowA
ShowWindow
SetForegroundWindow
GetSystemMetrics
MessageBoxA
SetCursor
ShowCursor
GetWindowThreadProcessId
SendMessageA
GetDesktopWindow
ReleaseDC

winmm

timeEndPeriod
joyGetPosEx
joyGetNumDevs
joyGetDevCapsA
timeGetDevCaps
timeBeginPeriod
timeKillEvent
timeSetEvent

wsock32

WSACleanup
getsockname
bind
htons
closesocket
WSAStartup
sendto
recvfrom
select
ntohs
ioctlsocket
setsockopt
socket

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PACODE
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 200KB - Virtual size: 739KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

backlash
Size: 180KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

67df12a9dfc6267c9a0e7e84d87f8971

Headers

File Characteristics

Imports

advapi32

ddraw

dinput

dsound

gdi32

kernel32

user32

winmm

wsock32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

PACODE Size: 4KB - Virtual size: 2KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 200KB - Virtual size: 739KB

backlash Size: 180KB - Virtual size: 200KB

.text
Size: 1.3MB - Virtual size: 1.3MB

PACODE
Size: 4KB - Virtual size: 2KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 200KB - Virtual size: 739KB

backlash
Size: 180KB - Virtual size: 200KB