f502eef7ce2c0ea0f307511cbf71522b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f502eef7ce2c0ea0f307511cbf71522b_JaffaCakes118
Size

167KB
MD5

f502eef7ce2c0ea0f307511cbf71522b
SHA1

b0b8066f19911657405038497b5b917fda94d0f9
SHA256

bd68874a269bc8bc1d288363fe8fa5c8eabed3c68c559881250d75714e9e2dc2
SHA512

e61c82e2fcb9657e5a76277c4979d767bb5f10829fffb21d008a093774e2fedfb53f9bf894521bfc2900d42265c49cc553a4f7543185f78dfdc661cd81f7d5eb
SSDEEP

3072:qZDtpSLETxfdEH3qxyXSGMCa6IXWThRsZz6K/Hqm0v:kWCfdAqxyiGMBGhRtgHJm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f502eef7ce2c0ea0f307511cbf71522b_JaffaCakes118

Files

f502eef7ce2c0ea0f307511cbf71522b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5b3e6cbc1c82b9f9b6df8510751c8a70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

avifil32

AVISaveOptions
AVIMakeCompressedStream

ole32

StringFromGUID2
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoInitialize

user32

CopyRect
FillRect
ReleaseDC
SetRectEmpty
GetDC
GetClientRect
IsRectEmpty
TranslateMessage
PeekMessageW
DispatchMessageW
wsprintfW
OffsetRect
GetWindowRect

gdi32

CreateDIBSection
GetDIBits
SetBrushOrgEx
SelectObject
CreateCompatibleDC
BitBlt
GetObjectW
StretchBlt
GetObjectType
CreateSolidBrush
DeleteObject
SetBkColor
CreateCompatibleBitmap
DeleteDC
CreateBitmap
CreateDCW
SetStretchBltMode

winmm

timeGetTime

shlwapi

PathAddBackslashW
PathRemoveBackslashW
PathIsDirectoryW
PathFileExistsA
PathRenameExtensionW
PathFileExistsW
PathCombineW
PathAppendW
PathRemoveFileSpecW

advapi32

RegOpenKeyExW
RegSetValueW
RegSetValueExA
RegCreateKeyW
RegCloseKey
RegOpenKeyExA
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyW
RegDeleteKeyA

kernel32

EnterCriticalSection
MultiByteToWideChar
SetFileAttributesA
WaitForMultipleObjects
GetTempPathA
CreateFileA
GetModuleFileNameA
CopyFileA
LocalFree
GetSystemTime
GetLocaleInfoA
GetACP
FindClose
QueryPerformanceCounter
WideCharToMultiByte
GetTickCount
CloseHandle
ReleaseMutex
GetProcessPriorityBoost
SetFilePointer
InterlockedIncrement
FindFirstFileW
LoadLibraryW
GetTempFileNameW
DisableThreadLibraryCalls
WriteFile
InterlockedExchange
CreateDirectoryA
LocalAlloc
EnumResourceTypesW
ReadFile
lstrlenA
GetLastError
Sleep
OutputDebugStringA
CreateMutexA
GetModuleFileNameW
GetThreadLocale
FreeLibrary
GetVersionExA
SetFileAttributesW
DeleteFileW
MulDiv
ExitProcess
GetTempPathW
GetCurrentThreadId
WaitForSingleObject
DeleteFileA
InitializeCriticalSection
RemoveDirectoryW
FindNextFileW
GetVersionExW
GetFileAttributesA
DeleteCriticalSection
GetTempFileNameA
GetCurrentProcessId
InterlockedDecrement
CreateDirectoryW
OutputDebugStringW
lstrlenW
LeaveCriticalSection
GetProcAddress
GetSystemTimeAsFileTime

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b3e6cbc1c82b9f9b6df8510751c8a70

Headers

File Characteristics

Imports

avifil32

ole32

user32

gdi32

winmm

shlwapi

advapi32

kernel32

shell32

Sections

.text Size: 95KB - Virtual size: 95KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 66KB - Virtual size: 65KB

.tls Size: 1024B - Virtual size: 104KB

.text
Size: 95KB - Virtual size: 95KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 66KB - Virtual size: 65KB

.tls
Size: 1024B - Virtual size: 104KB