JaffaCakes118_1f893827c86f656ed62f6e7cbd46cbf0

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1f893827c86f656ed62f6e7cbd46cbf0
Size

182KB
MD5

1f893827c86f656ed62f6e7cbd46cbf0
SHA1

b23c725346b5d270f3fecdd0ba0b9df73829916f
SHA256

7c0d6d06819983b999dae6d9ef7a50b216df20e86f3c5e5c332805bbe4a65307
SHA512

c9f1472098655f645adebee272a8725f1bb893f5405e5aaf97448a2fc85cd3f9b1435649001bf60678f2d97e9876937992714588034ae8ea49ff640aa03d7ba8
SSDEEP

3072:ezxvyc3GHS+6kbVWBzESJtAqY6uZTwXjLe+9kzdoC6QGY8eDEH+VbY:gxvVWHSjk5WBztY6uZEXjLe2kzOC6m81

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_1f893827c86f656ed62f6e7cbd46cbf0

Files

JaffaCakes118_1f893827c86f656ed62f6e7cbd46cbf0
.exe windows:4 windows x86 arch:x86

9ac43b3f61c6854810edf669aecd2839

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ReleaseDC
IsWindow
InvalidateRect
PeekMessageA
GetDC
SendMessageA
RegisterClassA
FillRect
InflateRect
DispatchMessageA
wsprintfA
SetParent
EnableWindow
EqualRect
CopyRect
DefWindowProcA
PostMessageA
GetDesktopWindow
TranslateMessage
SetRect
GetClientRect
BringWindowToTop
AttachThreadInput
UnregisterClassA

gdi32

DeleteDC
DeleteObject
SetStretchBltMode
GetStockObject
StretchBlt
SelectObject
CreateDIBSection
GetObjectA
PatBlt
CreateCompatibleDC
BitBlt
CreateDCA
CreateCompatibleBitmap
SetDIBits

kernel32

GetModuleFileNameA
WideCharToMultiByte
GetModuleFileNameW
CopyFileA
VirtualFree
CloseHandle
CreateFileA
WaitForMultipleObjectsEx
LocalAlloc
DeleteFileA
ReadFile
GetTickCount
SetFilePointer
GlobalUnlock
DeviceIoControl
CreateFileW
WaitForSingleObject
GetProcessId
VirtualAlloc
GetVolumeInformationA
GetTempFileNameA
GetFileSize
GetLastError
EnumResourceTypesW
GlobalFree
CreateDirectoryA
InitializeCriticalSection
Sleep
GetCurrentThreadId
MultiByteToWideChar
GlobalLock
GetSystemTimeAsFileTime
GetTempPathA
ExitProcess
SetFileAttributesA
LocalFree
lstrlenA
GetSystemTime
GetFileAttributesA
InterlockedIncrement
DisableThreadLibraryCalls
GetVersionExA
GetCurrentProcessId
ReleaseMutex
CreateMutexA
InterlockedDecrement
QueryPerformanceCounter
DeleteCriticalSection
FreeLibrary

shell32

SHGetSpecialFolderPathA

ole32

CreateItemMoniker
CoCreateInstance
CoTaskMemAlloc
CoSetProxyBlanket
CoFreeUnusedLibraries
CoInitialize
GetRunningObjectTable
StgOpenStorage
StringFromGUID2
CoUninitialize
StgCreateDocfile
CoTaskMemFree

shlwapi

PathFileExistsA
PathFileExistsW
StrStrIW

advapi32

RegDeleteKeyA
RegCreateKeyA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyExW
RegEnumKeyExA
RegQueryValueExW
RegSetValueA
RegQueryValueExA
RegCloseKey
RegSetValueExA

avifil32

AVISaveOptions
AVIMakeCompressedStream

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ac43b3f61c6854810edf669aecd2839

Headers

File Characteristics

Imports

user32

gdi32

kernel32

shell32

ole32

shlwapi

advapi32

avifil32

Sections

.text Size: 107KB - Virtual size: 107KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 69KB - Virtual size: 69KB

.tls Size: 1024B - Virtual size: 124KB

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 69KB - Virtual size: 69KB

.tls
Size: 1024B - Virtual size: 124KB