JaffaCakes118_9cb0df0cf69475dfedd87d03c72c2394

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_9cb0df0cf69475dfedd87d03c72c2394
Size

166KB
MD5

9cb0df0cf69475dfedd87d03c72c2394
SHA1

67050b40cdd9ac421ea2da633d1d44d2a3a8c60f
SHA256

ae834b2d6d02ab8ab9261fdf2556d6a009be31433ad7664eadb67726b221f64a
SHA512

165980d232c8b376b51e0defc1a08bb6ceff1b527a818725c6a8ec6fda599ea07f8ffc4a117b5813ce504405e1bd042835d02b78ae1b839d0846f65b57937c81
SSDEEP

3072:hWnREboNSsqodoeJ7a5M1vA2g/BJw8i90tMFeSo91rG3+U:oRDqodI5M96BJw8i9oMES4r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_9cb0df0cf69475dfedd87d03c72c2394

Files

JaffaCakes118_9cb0df0cf69475dfedd87d03c72c2394
.exe windows:4 windows x86 arch:x86

4034d3c062c9a5c83bb4ce327497af15

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExW
RegQueryValueExA
RegCreateKeyExA
RegQueryValueExW
RegSetValueW
RegCreateKeyW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExA
RegDeleteKeyA

gdi32

GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
GetDIBits
CreateDIBSection
SetBrushOrgEx
BitBlt
DeleteObject
CreateBitmap
SetBkColor
DeleteDC
GetObjectType
CreateSolidBrush
StretchBlt
SelectObject
SetStretchBltMode

kernel32

GetTempFileNameA
DeleteFileW
SetFilePointer
MulDiv
LocalAlloc
LeaveCriticalSection
GetTempPathW
CreateFileA
WaitNamedPipeA
MultiByteToWideChar
GetTickCount
GetCurrentThreadId
CreateDirectoryA
GetThreadLocale
FindClose
FindFirstFileW
GetProcessAffinityMask
GetProcAddress
WideCharToMultiByte
GetTempFileNameW
GetModuleFileNameA
DeleteCriticalSection
FreeLibrary
GetFileAttributesA
DisableThreadLibraryCalls
LoadLibraryW
InterlockedIncrement
RemoveDirectoryW
GetVersionExW
GetLastError
GetSystemTime
CreateMutexA
ReadFile
SetFileAttributesA
InterlockedExchange
EnumResourceTypesW
EnterCriticalSection
GetTempPathA
lstrlenA
DeleteFileA
LocalFree
WaitForSingleObject
WriteFile
CopyFileA
GetACP
OutputDebugStringA
CloseHandle
InitializeCriticalSection
OutputDebugStringW
ExitProcess
lstrlenW
Sleep
GetModuleFileNameW
GetLocaleInfoA
GetVersionExA
CreateDirectoryW
FindNextFileW
GetCurrentProcessId
QueryPerformanceCounter
InterlockedDecrement
SetFileAttributesW
ReleaseMutex
GetSystemTimeAsFileTime

winmm

timeGetTime

ole32

StringFromGUID2
CoCreateInstance
CoFreeUnusedLibraries
CoUninitialize
CoInitialize

user32

GetClientRect
DispatchMessageW
CopyRect
ReleaseDC
OffsetRect
wsprintfW
SetRectEmpty
TranslateMessage
PeekMessageW
GetDC
IsRectEmpty
FillRect
GetWindowRect

shlwapi

PathIsDirectoryW
PathRemoveBackslashW
PathFileExistsA
PathAppendW
PathRenameExtensionW
PathAddBackslashW
PathFileExistsW
PathCombineW
PathRemoveFileSpecW

avifil32

AVISaveOptions
AVIMakeCompressedStream

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4034d3c062c9a5c83bb4ce327497af15

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

winmm

ole32

user32

shlwapi

avifil32

shell32

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 62KB - Virtual size: 61KB

.tls Size: 1024B - Virtual size: 104KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 62KB - Virtual size: 61KB

.tls
Size: 1024B - Virtual size: 104KB