JaffaCakes118_1baf4d9e6cd2ab156de6ed10576d663b

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_1baf4d9e6cd2ab156de6ed10576d663b
Size

182KB
MD5

1baf4d9e6cd2ab156de6ed10576d663b
SHA1

30d6a925604f01bd299e9fc69493bc5e793e7b76
SHA256

0ddbea787385d8277687d750b872be44322327d3c023ad750648ba27b6f5c614
SHA512

1648e32e8be73b43adceb1b8a2d0a7b3f991577d42dff6dc058afe66ccaac9897936bb8bdb8a9881776e814f25a9bb8442842abc368473f7f8504fd397dcf7b3
SSDEEP

3072:jbnYg9mewK9LSOK0p7NIxJGwIZwFf8lGpqjcez/ACRLD9Lfvy:vYg9rwmLSOK0XEJG6Ff8kpqgeDFdLfv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_1baf4d9e6cd2ab156de6ed10576d663b

Files

JaffaCakes118_1baf4d9e6cd2ab156de6ed10576d663b
.exe windows:4 windows x86 arch:x86

ed8843cf736c6688f63f038ee995fcf7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegEnumKeyExW
RegCreateKeyW
RegDeleteKeyW
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExW
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA

user32

GetClientRect
DispatchMessageW
wsprintfW
SetRectEmpty
FillRect
IsRectEmpty
CopyRect
PeekMessageW
OffsetRect
GetDC
ReleaseDC
TranslateMessage
GetWindowRect

shlwapi

PathFileExistsW
PathRenameExtensionW
PathCombineW
PathIsDirectoryW
PathRemoveBackslashW
PathAppendW
PathAddBackslashW
PathFileExistsA
PathRemoveFileSpecW

kernel32

WaitForMultipleObjects
GetProcAddress
GetTickCount
GetACP
GetVersionExA
DeleteCriticalSection
GetSystemTime
OutputDebugStringW
RemoveDirectoryW
LocalAlloc
SetFilePointer
EnterCriticalSection
OutputDebugStringA
InterlockedExchange
GetFileAttributesA
GetProcessPriorityBoost
lstrlenA
CreateDirectoryW
WaitForSingleObject
CreateMutexA
FreeLibrary
MulDiv
GetTempPathA
GetTempPathW
MultiByteToWideChar
InitializeCriticalSection
CopyFileA
GetVersionExW
CreateDirectoryA
LeaveCriticalSection
GetLastError
InterlockedIncrement
ReleaseMutex
DisableThreadLibraryCalls
EnumResourceTypesW
GetThreadLocale
ReadFile
CreateFileA
WideCharToMultiByte
WriteFile
SetFileAttributesW
GetLocaleInfoA
DeleteFileW
ExitProcess
GetTempFileNameA
LocalFree
InterlockedDecrement
QueryPerformanceCounter
SetFileAttributesA
DeleteFileA
lstrlenW
FindClose
FindFirstFileW
FindNextFileW
GetTempFileNameW
GetCurrentProcessId
LoadLibraryW
CloseHandle
GetCurrentThreadId
GetModuleFileNameW
GetModuleFileNameA
Sleep
GetSystemTimeAsFileTime

winmm

timeGetTime

ole32

StringFromGUID2
CoUninitialize
CoCreateInstance
CoFreeUnusedLibraries
CoInitialize

gdi32

CreateDCW
DeleteDC
GetObjectType
DeleteObject
GetDIBits
BitBlt
SetBkColor
SelectObject
GetObjectW
CreateDIBSection
CreateBitmap
StretchBlt
CreateSolidBrush
SetBrushOrgEx
CreateCompatibleBitmap
CreateCompatibleDC
SetStretchBltMode

avifil32

AVISaveOptions
AVIMakeCompressedStream

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed8843cf736c6688f63f038ee995fcf7

Headers

File Characteristics

Imports

advapi32

shell32

user32

shlwapi

kernel32

winmm

ole32

gdi32

avifil32

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 74KB - Virtual size: 74KB

.tls Size: 1024B - Virtual size: 124KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 74KB - Virtual size: 74KB

.tls
Size: 1024B - Virtual size: 124KB