JaffaCakes118_e93c5ffb04f679ca0e5dae95c34f9879

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_e93c5ffb04f679ca0e5dae95c34f9879
Size

172KB
MD5

e93c5ffb04f679ca0e5dae95c34f9879
SHA1

d36cb926a0e673a6ab4b77ce175b18c33817eeb9
SHA256

4c25c6f1f41248a690fbb6978bd048bda7ad963a5017a8306004b1c48e667fd6
SHA512

cda1f5cf9647e071be947ca1d2117e0442ebac6d8644a9f285ded29499c439c69bf55277b48a0d24b62f60e14c1fbb0c6cba845f2f810cfb41911706f412ff71
SSDEEP

3072:j+USykMgdEWjgQ6pOoWJMP5/fnOxiYQ4DxD4FNKJYefg5:Sby3gNM4oaMP5uJtNsfKJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e93c5ffb04f679ca0e5dae95c34f9879

Files

JaffaCakes118_e93c5ffb04f679ca0e5dae95c34f9879
.exe windows:4 windows x86 arch:x86

79678d75b04552e277173f0720fb0221

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveBackslashW
PathFileExistsA
PathCombineW
PathRenameExtensionW
PathFileExistsW
PathAppendW
PathAddBackslashW
PathIsDirectoryW
PathRemoveFileSpecW

shell32

SHGetSpecialFolderPathA

user32

SetRectEmpty
OffsetRect
PeekMessageW
TranslateMessage
FillRect
IsRectEmpty
wsprintfW
DispatchMessageW
GetClientRect
CopyRect
ReleaseDC
GetDC
GetWindowRect

advapi32

RegCreateKeyW
RegSetValueW
RegOpenKeyExW
RegSetValueExA
RegQueryValueExW
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyA

kernel32

WriteFile
ReleaseMutex
WaitForMultipleObjects
SetFileAttributesW
GetTempPathW
ReadFile
GetTempFileNameA
FindNextFileW
QueryPerformanceCounter
CreateDirectoryW
InitializeCriticalSection
SetFilePointer
GetModuleFileNameA
CreateFileA
FindClose
FindFirstFileW
WaitForSingleObject
MulDiv
GetPriorityClass
GetProcAddress
GetLocaleInfoA
GetTickCount
DisableThreadLibraryCalls
LocalAlloc
GetTempFileNameW
GetSystemTime
CreateDirectoryA
WideCharToMultiByte
DeleteFileA
EnumResourceTypesW
RemoveDirectoryW
GetThreadLocale
GetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentProcessId
GetFileAttributesA
LeaveCriticalSection
CreateMutexA
ExitProcess
DeleteFileW
MultiByteToWideChar
lstrlenW
OutputDebugStringW
CopyFileA
GetModuleFileNameW
Sleep
OutputDebugStringA
GetTempPathA
GetACP
EnterCriticalSection
GetVersionExW
InterlockedExchange
SetFileAttributesA
GetVersionExA
lstrlenA
FreeLibrary
LocalFree
LoadLibraryW
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
GetSystemTimeAsFileTime

ole32

CoUninitialize
CoCreateInstance
CoFreeUnusedLibraries
StringFromGUID2
CoInitialize

winmm

timeGetTime

avifil32

AVISaveOptions
AVIMakeCompressedStream

gdi32

SetBrushOrgEx
CreateCompatibleBitmap
GetObjectType
GetDIBits
GetObjectW
DeleteDC
CreateCompatibleDC
CreateSolidBrush
SelectObject
DeleteObject
CreateBitmap
CreateDIBSection
CreateDCW
SetBkColor
StretchBlt
BitBlt
SetStretchBltMode

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79678d75b04552e277173f0720fb0221

Headers

File Characteristics

Imports

shlwapi

shell32

user32

advapi32

kernel32

ole32

winmm

avifil32

gdi32

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 65KB - Virtual size: 65KB

.tls Size: 1024B - Virtual size: 252KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 65KB - Virtual size: 65KB

.tls
Size: 1024B - Virtual size: 252KB