JaffaCakes118_3cff8414a9d8f8bb8078d59d7031ec11

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_3cff8414a9d8f8bb8078d59d7031ec11
Size

182KB
MD5

3cff8414a9d8f8bb8078d59d7031ec11
SHA1

81943722851df11e394d5d6e702d2890376a327c
SHA256

1f68755a40128115f0b431efe0a90a6048f86c6bba42862ee55e8081b5c27cf3
SHA512

9a78a224f7f858eb348841077c59518748c416c7b223dfa6ebb398a7751730fd1200ad78349ea4bd17c568d7a311654e4751aefd546967f531b2280caaf8e33c
SSDEEP

3072:SUd1Ce41yxx874cEEqN4B2H/I1FrDQZVZAI9CAJljvH/lv7:XKL1Mxc/t8H/RKIQATT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3cff8414a9d8f8bb8078d59d7031ec11

Files

JaffaCakes118_3cff8414a9d8f8bb8078d59d7031ec11
.exe windows:4 windows x86 arch:x86

1ea747f985c3a757cbdcd7ef70aba26d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyW
RegOpenKeyExW
RegOpenKeyExA
RegSetValueW
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegSetValueExA
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExA
RegEnumKeyExW
RegDeleteKeyA

winmm

timeGetTime

user32

wsprintfW
IsRectEmpty
PeekMessageW
GetClientRect
TranslateMessage
FillRect
OffsetRect
ReleaseDC
SetRectEmpty
DispatchMessageW
CopyRect
GetDC
GetWindowRect

avifil32

AVISaveOptions
AVIMakeCompressedStream

gdi32

DeleteDC
SetBkColor
SelectObject
CreateDCW
GetObjectW
CreateDIBSection
CreateSolidBrush
GetDIBits
CreateCompatibleBitmap
StretchBlt
BitBlt
SetBrushOrgEx
CreateCompatibleDC
CreateBitmap
GetObjectType
DeleteObject
SetStretchBltMode

kernel32

GetTempPathW
WaitForMultipleObjects
GetFileAttributesA
GetThreadLocale
MulDiv
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
FindClose
GetACP
CreateFileA
SetFileAttributesA
CopyFileA
LoadLibraryW
ReleaseMutex
lstrlenA
CreateDirectoryW
GetProcessPriorityBoost
FreeLibrary
lstrlenW
GetVersionExA
DisableThreadLibraryCalls
GetTempFileNameW
FindNextFileW
GetProcAddress
DeleteFileA
OutputDebugStringW
FindFirstFileW
GetModuleFileNameW
EnumResourceTypesW
SetFilePointer
Sleep
GetTempPathA
LocalAlloc
DeleteFileW
InitializeCriticalSection
CreateMutexA
RemoveDirectoryW
QueryPerformanceCounter
GetCurrentThreadId
CreateDirectoryA
ExitProcess
InterlockedDecrement
GetLastError
GetTempFileNameA
LocalFree
GetLocaleInfoA
WaitForSingleObject
EnterCriticalSection
DeleteCriticalSection
GetVersionExW
OutputDebugStringA
GetModuleFileNameA
GetCurrentProcessId
WriteFile
WideCharToMultiByte
GetSystemTime
ReadFile
MultiByteToWideChar
CloseHandle
SetFileAttributesW
GetTickCount
GetSystemTimeAsFileTime

shlwapi

PathRenameExtensionW
PathFileExistsA
PathIsDirectoryW
PathAddBackslashW
PathCombineW
PathFileExistsW
PathAppendW
PathRemoveBackslashW
PathRemoveFileSpecW

ole32

CoFreeUnusedLibraries
CoUninitialize
StringFromGUID2
CoCreateInstance
CoInitialize

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ea747f985c3a757cbdcd7ef70aba26d

Headers

File Characteristics

Imports

advapi32

winmm

user32

avifil32

gdi32

kernel32

shlwapi

ole32

shell32

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 74KB - Virtual size: 73KB

.tls Size: 1024B - Virtual size: 124KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 74KB - Virtual size: 73KB

.tls
Size: 1024B - Virtual size: 124KB