e02574befc9fe1ccc10486f54caf28af_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e02574befc9fe1ccc10486f54caf28af_JaffaCakes118
Size

182KB
MD5

e02574befc9fe1ccc10486f54caf28af
SHA1

5aa2a665f0e1061ca62ef373226b714a776640eb
SHA256

5973ee91578b37d5b391d4a4d812db9c930fe7532c68a389e3428b8cb71fe0d2
SHA512

9daa2f10c67e8224dd4fd61a6342fc3969103cf1c0385a294b838a9ceb5ec24c8b576053f227e1d10550387218dadad47246548851848ec73f3b36b32f83c988
SSDEEP

3072:wJVqamU0XhVZ30VxtqFZjqV4vw/1v9SvMTBB1E3faf3OLYUku/7zTi0F:4LmUwZ3Uaw/PSvMTJE3famMu/Li0F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e02574befc9fe1ccc10486f54caf28af_JaffaCakes118

Files

e02574befc9fe1ccc10486f54caf28af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

951910995276cc3e7f419e4ccd5ec4e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StgOpenStorage
CoFreeUnusedLibraries
CreateItemMoniker
CoUninitialize
StgCreateDocfile
CoInitialize
StringFromGUID2
GetRunningObjectTable
CoSetProxyBlanket
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

gdi32

CreateCompatibleBitmap
GetObjectA
CreateDCA
CreateCompatibleDC
BitBlt
StretchBlt
SelectObject
DeleteObject
SetStretchBltMode
GetStockObject
PatBlt
DeleteDC
CreateDIBSection
SetDIBits

avifil32

AVISaveOptions
AVIMakeCompressedStream

kernel32

GetCurrentThreadId
GetCurrentProcessId
CreateFileA
GlobalFree
QueryPerformanceCounter
WaitForMultipleObjectsEx
GetModuleFileNameW
ReadFile
GetTempFileNameA
VirtualAlloc
lstrlenA
GetVersionExA
DeviceIoControl
GetProcessId
InitializeCriticalSection
DisableThreadLibraryCalls
LocalFree
LocalAlloc
CreateMutexA
GetTempPathA
GetSystemTimeAsFileTime
EnumResourceTypesW
CreateDirectoryA
GetFileAttributesA
GlobalUnlock
GetTickCount
GetFileSize
VirtualFree
WaitForSingleObject
WideCharToMultiByte
SetFileAttributesA
CloseHandle
CopyFileA
Sleep
GetModuleFileNameA
ExitProcess
InterlockedDecrement
DeleteFileA
GetSystemTime
InterlockedIncrement
GetLastError
GlobalLock
MultiByteToWideChar
DeleteCriticalSection
GetVolumeInformationA
CreateFileW
SetFilePointer
ReleaseMutex
FreeLibrary

shlwapi

PathFileExistsA
PathFileExistsW
StrStrIW

advapi32

RegCreateKeyA
RegQueryValueExA
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyExA
RegSetValueA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegSetValueExA

shell32

SHGetSpecialFolderPathA

user32

CopyRect
InflateRect
IsWindow
wsprintfA
ReleaseDC
SetRect
InvalidateRect
DispatchMessageA
SetParent
GetDesktopWindow
GetClientRect
BringWindowToTop
AttachThreadInput
TranslateMessage
EqualRect
FillRect
EnableWindow
DefWindowProcA
GetDC
PeekMessageA
RegisterClassA
PostMessageA
SendMessageA
UnregisterClassA

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

951910995276cc3e7f419e4ccd5ec4e2

Headers

File Characteristics

Imports

ole32

gdi32

avifil32

kernel32

shlwapi

advapi32

shell32

user32

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 73KB - Virtual size: 73KB

.tls Size: 1024B - Virtual size: 124KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 73KB - Virtual size: 73KB

.tls
Size: 1024B - Virtual size: 124KB