e1781288d509e970ab6bf78ca88259a3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e1781288d509e970ab6bf78ca88259a3_JaffaCakes118
Size

172KB
MD5

e1781288d509e970ab6bf78ca88259a3
SHA1

e5b101dcef4a9fadc608346e158cf04ea34adbd0
SHA256

1823d59953d6b8da5ef82c382b6b8ad9db4c62b92687aea5df1c6d3329dd396c
SHA512

b97533402ec10d32c2a38e6003ab4c9fee108ec51949538f36bff12b0ec0332605f550d57c761f5e2bbb145a8cb4283559ec7ecb21fe95fbcb795bea7d52fd5d
SSDEEP

3072:T0JA22FMtpvdgJEolzusinYpmc47eGFJGrg4LWZRnf8ZzShVOAkkx:T0B3tEGmzus43rTGs64S4p9x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1781288d509e970ab6bf78ca88259a3_JaffaCakes118

Files

e1781288d509e970ab6bf78ca88259a3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

68e44d1b612fe68c77ce7be35d24bb63

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageThumbnail
GdiplusShutdown
GdipAlloc
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipDisposeImage
GdiplusStartup
GdipFree
GdipCloneImage

gdi32

GetDIBits
CreateDIBSection
SelectObject
RealizePalette
GetObjectW
SelectPalette
StretchDIBits
GetStockObject
CreateCompatibleDC
SetStretchBltMode
BitBlt

user32

PeekMessageW
GetQueueStatus
GetDC
SetParent
DispatchMessageW
PostThreadMessageW
RegisterWindowMessageW
EnableWindow
UnregisterClassW
TranslateMessage
KillTimer
wsprintfW
GetWindowRect
IsWindowVisible
ReleaseDC
wvsprintfW
SetTimer
UnregisterClassA
MsgWaitForMultipleObjects

winmm

waveInGetNumDevs
mixerSetControlDetails
mixerOpen
mixerGetControlDetailsW
mixerGetNumDevs
mixerGetLineControlsW
timeSetEvent
timeGetTime
mixerGetLineInfoW
waveInGetDevCapsW
mixerClose
mixerGetDevCapsW

kernel32

InterlockedDecrement
DuplicateHandle
PrivCopyFileExW
RaiseException
GlobalAlloc
GetCurrentThreadId
GetVersionExA
ProcessIdToSessionId
ResetEvent
GetThreadPriority
DisableThreadLibraryCalls
GetModuleFileNameW
OutputDebugStringW
InterlockedIncrement
CloseHandle
lstrcmpW
GetCurrentProcessId
EnterCriticalSection
WaitForMultipleObjects
GetTickCount
InterlockedExchange
GetCurrentThread
SetEvent
WriteFile
GetProcessId
SetThreadPriority
lstrcpynW
CreateThread
lstrcmpiW
FreeLibrary
QueryPerformanceCounter
lstrlenA
GetACP
GlobalReAlloc
CreateFileW
EnumResourceTypesA
MultiByteToWideChar
InitializeCriticalSection
GetSystemInfo
VirtualFree
GetLocaleInfoA
LocalAlloc
GlobalUnlock
ExitProcess
GetLastError
ReleaseSemaphore
GetSystemTimeAsFileTime
lstrcpyW
GlobalFree
lstrlenW
Sleep
GlobalLock
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
GetProcAddress
CreateSemaphoreW
GetCurrentProcess
VirtualAlloc
LocalFree
CreateEventW
LoadLibraryW
GetModuleHandleW
GetThreadLocale
GetVersionExW
GetModuleFileNameA

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68e44d1b612fe68c77ce7be35d24bb63

Headers

File Characteristics

Imports

gdiplus

gdi32

user32

winmm

kernel32

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 64KB - Virtual size: 64KB

.tls Size: 1024B - Virtual size: 240KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 64KB - Virtual size: 64KB

.tls
Size: 1024B - Virtual size: 240KB