JaffaCakes118_35adbd0f7519da1db22377abc59a75e2

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_35adbd0f7519da1db22377abc59a75e2
Size

166KB
MD5

35adbd0f7519da1db22377abc59a75e2
SHA1

54d9f096b54c096d94a65b0b8ad74d165c707e20
SHA256

763c1a4a1ccc245e865d8a6a3d35d5465cb7f918ccd995780fa88d8ca50c5834
SHA512

807b4b061acbc792e87a9ab35de8906fbdea967789dc21192c314b32568b9dd4f68f9cd40a5a80ef2aa452cd416b6f7a19ae84aa5dcf6c9c3961c434a9ac9ecf
SSDEEP

3072:QY3CgD7vPijqB4gd3TYuRuu3ymX1aNN6aSJg0RAQs9h6woxNdOkAB:FX7mjiYuRT7X1QNKzRAQnO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_35adbd0f7519da1db22377abc59a75e2

Files

JaffaCakes118_35adbd0f7519da1db22377abc59a75e2
.exe windows:4 windows x86 arch:x86

8e29df27121cfcbea74b1bf03c849b9c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
GetModuleFileNameW
ReleaseMutex
WaitForMultipleObjectsEx
CreateFileA
SetFileAttributesA
GetTickCount
WaitForSingleObject
lstrlenA
GetCurrentThreadId
InitializeCriticalSection
CloseHandle
GetVolumeInformationA
MultiByteToWideChar
GetTempFileNameA
GetProcessId
CreateFileW
GetCurrentProcessId
Sleep
DeleteCriticalSection
InterlockedIncrement
GetTempPathA
GlobalLock
VirtualAlloc
GetModuleFileNameA
LocalAlloc
ReadFile
EnumResourceTypesW
GetLastError
InterlockedDecrement
ExitProcess
WideCharToMultiByte
CreateMutexA
DeleteFileA
SetFilePointer
GetFileAttributesA
DisableThreadLibraryCalls
GetVersionExA
VirtualFree
LocalFree
GetFileSize
CopyFileA
CreateDirectoryA
GlobalFree
GetSystemTime
QueryPerformanceCounter
GetSystemTimeAsFileTime
DeviceIoControl
FreeLibrary

user32

SendMessageA
RegisterClassA
DispatchMessageA
ReleaseDC
GetDesktopWindow
EnableWindow
AttachThreadInput
CopyRect
FillRect
SetRect
DefWindowProcA
EqualRect
IsWindow
PeekMessageA
InvalidateRect
GetClientRect
InflateRect
PostMessageA
BringWindowToTop
wsprintfA
TranslateMessage
GetDC
SetParent
UnregisterClassA

avifil32

AVISaveOptions
AVIMakeCompressedStream

shlwapi

PathFileExistsA
PathFileExistsW
StrStrIW

ole32

CoTaskMemAlloc
StgCreateDocfile
CoFreeUnusedLibraries
CreateItemMoniker
StgOpenStorage
CoCreateInstance
CoSetProxyBlanket
CoInitialize
GetRunningObjectTable
StringFromGUID2
CoUninitialize
CoTaskMemFree

gdi32

GetObjectA
DeleteObject
CreateCompatibleBitmap
GetStockObject
SelectObject
CreateDCA
DeleteDC
BitBlt
CreateCompatibleDC
PatBlt
CreateDIBSection
SetStretchBltMode
StretchBlt
SetDIBits

shell32

SHGetSpecialFolderPathA

advapi32

RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegCreateKeyA
RegSetValueA
RegQueryValueExW
RegDeleteKeyA
RegOpenKeyExW
RegOpenKeyExA
RegSetValueExA

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e29df27121cfcbea74b1bf03c849b9c

Headers

File Characteristics

Imports

kernel32

user32

avifil32

shlwapi

ole32

gdi32

shell32

advapi32

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 66KB - Virtual size: 65KB

.tls Size: 1024B - Virtual size: 104KB

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 66KB - Virtual size: 65KB

.tls
Size: 1024B - Virtual size: 104KB