c990aa83493b0462579815e5f1fdd19e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c990aa83493b0462579815e5f1fdd19e_JaffaCakes118
Size

175KB
MD5

c990aa83493b0462579815e5f1fdd19e
SHA1

7b14cdadb97d7bb6b298db1c3d0b72c1133d227a
SHA256

b83e9e35e9ceeb009a09a01703378cbee25d6bb5369dafb4ca9d6203320690cd
SHA512

713e43230457c0a5665951cf94cf7e37451574906ea659cdfb18b9b4c2a64f0d4f41df67d79b39a08546d4004d3b6ea8c65736cf8db7b2db1e53528f69a33b05
SSDEEP

3072:HusSckHAIrwX1nR3+TuumXk7Qyc/Lac8xyZlld7rqbKB:HuF3ghXxR3+Sg7Qyc/x8Ir7rY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c990aa83493b0462579815e5f1fdd19e_JaffaCakes118

Files

c990aa83493b0462579815e5f1fdd19e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3e6689a3adab3c7e64304071eb1711f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoUninitialize
CoFreeUnusedLibraries
StgOpenStorage
StgCreateDocfile
CoTaskMemAlloc
CreateItemMoniker
StringFromGUID2
GetRunningObjectTable
CoCreateInstance
CoInitialize
CoSetProxyBlanket
CoTaskMemFree

gdi32

BitBlt
DeleteDC
CreateCompatibleBitmap
StretchBlt
CreateCompatibleDC
SelectObject
GetStockObject
CreateDCA
GetObjectA
CreateDIBSection
DeleteObject
PatBlt
SetStretchBltMode
SetDIBits

avifil32

AVISaveOptions
AVIMakeCompressedStream

user32

AttachThreadInput
DispatchMessageA
PeekMessageA
SetRect
ReleaseDC
BringWindowToTop
RegisterClassA
IsWindow
GetDC
wsprintfA
PostMessageA
GetClientRect
GetDesktopWindow
TranslateMessage
SendMessageA
FillRect
EnableWindow
InflateRect
DefWindowProcA
CopyRect
EqualRect
InvalidateRect
SetParent
UnregisterClassA

kernel32

CreateFileA
GetCurrentThreadId
GetVolumeInformationA
GetSystemTimeAsFileTime
CreateMutexA
WideCharToMultiByte
GlobalUnlock
WaitForMultipleObjectsEx
GetLastError
GlobalFree
GetProcessId
InterlockedDecrement
DisableThreadLibraryCalls
Sleep
DeviceIoControl
CopyFileA
GetFileSize
CloseHandle
QueryPerformanceCounter
GetModuleFileNameA
SetFilePointer
DeleteFileA
ReadFile
EnumResourceTypesW
GetTempFileNameA
VirtualFree
InterlockedIncrement
WaitForSingleObject
SetFileAttributesA
ExitProcess
CreateFileW
lstrlenA
GetCurrentProcessId
GetTickCount
GetSystemTime
GetModuleFileNameW
GetFileAttributesA
DeleteCriticalSection
MultiByteToWideChar
LocalFree
GetVersionExA
GetTempPathA
CreateDirectoryA
LocalAlloc
ReleaseMutex
InitializeCriticalSection
VirtualAlloc
GlobalLock
FreeLibrary

advapi32

RegSetValueA
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExW
RegEnumKeyExA
RegCloseKey
RegCreateKeyA
RegSetValueExA

shlwapi

PathFileExistsA
PathFileExistsW
StrStrIW

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e6689a3adab3c7e64304071eb1711f3

Headers

File Characteristics

Imports

ole32

gdi32

avifil32

user32

kernel32

advapi32

shlwapi

shell32

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 68KB - Virtual size: 67KB

.tls Size: 1024B - Virtual size: 380KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 68KB - Virtual size: 67KB

.tls
Size: 1024B - Virtual size: 380KB