e56bd279edd15266f11a5e3bb081e104_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e56bd279edd15266f11a5e3bb081e104_JaffaCakes118
Size

164KB
MD5

e56bd279edd15266f11a5e3bb081e104
SHA1

84b61f645ea8e3d7cae0218bab928364b76dcf13
SHA256

d1f3de6e126cf7c820584a2e831c1173c94ca71683f4909fefa57da860c729ab
SHA512

9b51ab6c78c4dc7560c4e41daa3ed3f95d8092b95af334d9f1904edc08b5622f194e2341e21feaa34ac319e646a8fb8d25e3a0f87068481c4e52d9271f80bdbf
SSDEEP

3072:ENKOAQ+iq4PLId7Uqxo09anlkupJjcdMScUITd3h+YI:EgmzTINXdotJBScPxox

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e56bd279edd15266f11a5e3bb081e104_JaffaCakes118

Files

e56bd279edd15266f11a5e3bb081e104_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3d37df85ae6724024c48d7ad18b69634

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsA
PathFileExistsW
StrStrIW

kernel32

ReleaseMutex
GetTempFileNameA
SetFileAttributesA
WaitForMultipleObjects
GlobalFree
InterlockedDecrement
WideCharToMultiByte
InitializeCriticalSection
GetModuleFileNameA
GetTickCount
DeviceIoControl
DeleteCriticalSection
GlobalUnlock
GetPriorityClass
GetFileSize
GetSystemTimeAsFileTime
GetVersionExA
GetFileAttributesA
Sleep
InterlockedIncrement
VirtualAlloc
EnumResourceTypesW
QueryPerformanceCounter
lstrlenA
CloseHandle
GetSystemTime
CreateMutexA
GetCurrentProcessId
LocalFree
DeleteFileA
ExitProcess
ReadFile
GetVolumeInformationA
GetTempPathA
CreateDirectoryA
WaitForSingleObject
GetModuleFileNameW
CreateFileA
LocalAlloc
DisableThreadLibraryCalls
SetFilePointer
MultiByteToWideChar
VirtualFree
GlobalLock
GetLastError
CopyFileA
GetCurrentThreadId
CreateFileW
FreeLibrary

user32

FillRect
GetDesktopWindow
GetClientRect
EqualRect
GetDC
TranslateMessage
DispatchMessageA
IsWindow
RegisterClassA
AttachThreadInput
SetRect
EnableWindow
SetParent
SendMessageA
DefWindowProcA
InflateRect
BringWindowToTop
InvalidateRect
CopyRect
ReleaseDC
wsprintfA
PeekMessageA
PostMessageA
UnregisterClassA

avifil32

AVISaveOptions
AVIMakeCompressedStream

gdi32

BitBlt
DeleteDC
SetStretchBltMode
CreateCompatibleBitmap
PatBlt
GetObjectA
CreateCompatibleDC
CreateDIBSection
StretchBlt
CreateDCA
DeleteObject
GetStockObject
SelectObject
SetDIBits

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d37df85ae6724024c48d7ad18b69634

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

avifil32

gdi32

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 2KB - Virtual size: 2KB

.bss Size: 62KB - Virtual size: 61KB

.tls Size: 1024B - Virtual size: 100KB

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 2KB - Virtual size: 2KB

.bss
Size: 62KB - Virtual size: 61KB

.tls
Size: 1024B - Virtual size: 100KB