JaffaCakes118_1d84a58107f14665796825fb3a591626

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1d84a58107f14665796825fb3a591626
Size

172KB
MD5

1d84a58107f14665796825fb3a591626
SHA1

5e8a80b7b2e232c14560f5ef2d045201c3020c4d
SHA256

7117f400389daec3eed71922bcf812fbd7c5699e4bc30a5aba2baa46509e7e9b
SHA512

4bcaf37f291a8be779423a962515de6aa757f17f7927e41e9bf011df78b0fe887fb951e18599d5da339bfbd59c938da8fafae890885482447051f92be9b417d2
SSDEEP

3072:dJvAiEkcg1eXOsjktHOSMcgen1+1mE0y7P59SC92pSgMpHPqX2GtUN2MP0scUCzQ:dJvAiErGSgtNE1b7B9SC92zf2G2NMscV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_1d84a58107f14665796825fb3a591626

Files

JaffaCakes118_1d84a58107f14665796825fb3a591626
.exe windows:4 windows x86 arch:x86

50391b5b02daf8f4fe8b8df36fb78c77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderPathA

advapi32

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExA
RegCloseKey
RegOpenKeyExW
RegSetValueExA
RegCreateKeyW
RegSetValueW
RegQueryValueExA
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExA
RegDeleteKeyA

winmm

timeGetTime

ole32

StringFromGUID2
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

PathAppendW
PathFileExistsW
PathAddBackslashW
PathRenameExtensionW
PathCombineW
PathRemoveBackslashW
PathIsDirectoryW
PathFileExistsA
PathRemoveFileSpecW

avifil32

AVISaveOptions
AVIMakeCompressedStream

user32

ReleaseDC
DispatchMessageW
OffsetRect
FillRect
wsprintfW
CopyRect
SetRectEmpty
GetDC
TranslateMessage
PeekMessageW
IsRectEmpty
GetClientRect
GetWindowRect

gdi32

SelectObject
CreateSolidBrush
BitBlt
CreateBitmap
GetDIBits
CreateCompatibleBitmap
GetObjectType
DeleteDC
DeleteObject
SetBrushOrgEx
CreateDIBSection
StretchBlt
CreateCompatibleDC
GetObjectW
CreateDCW
SetBkColor
SetStretchBltMode

kernel32

CopyFileA
lstrlenW
GetTempPathW
LocalAlloc
GetLastError
WaitForMultipleObjects
InterlockedIncrement
SetFilePointer
Sleep
FindNextFileW
QueryPerformanceCounter
WideCharToMultiByte
LoadLibraryW
DeleteCriticalSection
CreateDirectoryW
GetModuleFileNameW
GetProcessPriorityBoost
CloseHandle
GetTempPathA
SetFileAttributesW
GetCurrentThreadId
CreateFileA
GetTempFileNameW
GetCurrentProcessId
lstrlenA
GetVersionExW
InterlockedDecrement
FindFirstFileW
RemoveDirectoryW
GetTickCount
GetProcAddress
EnumResourceTypesW
DisableThreadLibraryCalls
WriteFile
GetSystemTime
GetVersionExA
GetThreadLocale
ReleaseMutex
GetFileAttributesA
GetTempFileNameA
InitializeCriticalSection
CreateDirectoryA
GetACP
InterlockedExchange
MultiByteToWideChar
GetLocaleInfoA
DeleteFileA
ExitProcess
FreeLibrary
GetModuleFileNameA
WaitForSingleObject
MulDiv
EnterCriticalSection
LocalFree
SetFileAttributesA
OutputDebugStringW
ReadFile
LeaveCriticalSection
DeleteFileW
CreateMutexA
OutputDebugStringA
FindClose
GetSystemTimeAsFileTime

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50391b5b02daf8f4fe8b8df36fb78c77

Headers

File Characteristics

Imports

shell32

advapi32

winmm

ole32

shlwapi

avifil32

user32

gdi32

kernel32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 66KB - Virtual size: 66KB

.tls Size: 1024B - Virtual size: 252KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 66KB - Virtual size: 66KB

.tls
Size: 1024B - Virtual size: 252KB