96fab9b48d7e94db87ead77e961086f3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

96fab9b48d7e94db87ead77e961086f3_JaffaCakes118
Size

175KB
MD5

96fab9b48d7e94db87ead77e961086f3
SHA1

135fafb971d5a6e540d698a6804b7dbebab8c1d5
SHA256

b858f237f53a099f46436192c2a9e2511398f0c965614bd5e508263468727a80
SHA512

fe243073586dbd5e02c42b5ba715d085400ae579b87cf973b1e26641d171ab84971e7ec49871bbeaae77513c7a8fa8c7b897193888eab28c1eac8c23778e6b8d
SSDEEP

3072:jVnhoJa7IA920l8h1wPyna9DQ/1ASVQsWwuPFcLwY5Q3z0zO6B:jXuZA7yhyP3Q/lQs9EFCUCO6B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
96fab9b48d7e94db87ead77e961086f3_JaffaCakes118

Files

96fab9b48d7e94db87ead77e961086f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

951910995276cc3e7f419e4ccd5ec4e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StgOpenStorage
CoFreeUnusedLibraries
CreateItemMoniker
CoUninitialize
StgCreateDocfile
CoInitialize
StringFromGUID2
GetRunningObjectTable
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

gdi32

CreateCompatibleBitmap
GetObjectA
CreateDCA
CreateCompatibleDC
BitBlt
StretchBlt
SelectObject
DeleteObject
SetStretchBltMode
GetStockObject
PatBlt
DeleteDC
CreateDIBSection
SetDIBits

avifil32

AVISaveOptions
AVIMakeCompressedStream

kernel32

GetCurrentThreadId
GetCurrentProcessId
CreateFileA
GlobalFree
QueryPerformanceCounter
WaitForMultipleObjectsEx
GetModuleFileNameW
ReadFile
GetTempFileNameA
VirtualAlloc
lstrlenA
GetVersionExA
DeviceIoControl
GetProcessId
InitializeCriticalSection
DisableThreadLibraryCalls
LocalFree
LocalAlloc
CreateMutexA
GetTempPathA
GetSystemTimeAsFileTime
EnumResourceTypesW
CreateDirectoryA
GetFileAttributesA
GlobalUnlock
GetTickCount
GetFileSize
VirtualFree
WaitForSingleObject
WideCharToMultiByte
SetFileAttributesA
CloseHandle
CopyFileA
Sleep
GetModuleFileNameA
ExitProcess
InterlockedDecrement
DeleteFileA
GetSystemTime
InterlockedIncrement
GetLastError
GlobalLock
MultiByteToWideChar
DeleteCriticalSection
GetVolumeInformationA
CreateFileW
SetFilePointer
ReleaseMutex
FreeLibrary

shlwapi

PathFileExistsA
PathFileExistsW
StrStrIW

advapi32

RegCreateKeyA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExA
RegSetValueA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegSetValueExA

shell32

SHGetSpecialFolderPathA

user32

CopyRect
InflateRect
IsWindow
wsprintfA
ReleaseDC
SetRect
InvalidateRect
DispatchMessageA
SetParent
GetDesktopWindow
GetClientRect
BringWindowToTop
AttachThreadInput
TranslateMessage
EqualRect
FillRect
EnableWindow
DefWindowProcA
GetDC
PeekMessageA
RegisterClassA
PostMessageA
SendMessageA
UnregisterClassA

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

951910995276cc3e7f419e4ccd5ec4e2

Headers

File Characteristics

Imports

ole32

gdi32

avifil32

kernel32

shlwapi

advapi32

shell32

user32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 70KB - Virtual size: 69KB

.tls Size: 1024B - Virtual size: 380KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 70KB - Virtual size: 69KB

.tls
Size: 1024B - Virtual size: 380KB