e271b7dea7766bf6c8d77d817967764e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e271b7dea7766bf6c8d77d817967764e_JaffaCakes118
Size

260KB
MD5

e271b7dea7766bf6c8d77d817967764e
SHA1

ca89fac1a95b4871108f4df0658fe5881942147c
SHA256

85024fcf377205d3517ab6c2e452616fd84cb2857c7d0c6db78792f39b3edeef
SHA512

d4d23a9adaa67cbaaf044cae5db2229359e4ffd64f6691d1984e6ffb904bd03044540d24cbc9ec3dc168441460e559df82f127412beb43e1ad55662cf38b9e85
SSDEEP

6144:kJ1JPBzUlWJd2Dqdx4iVtPFu9fZhLJ5rSACpfSL1TczIqp:kJL5zUEj4CtEZ354EyII

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e271b7dea7766bf6c8d77d817967764e_JaffaCakes118

Files

e271b7dea7766bf6c8d77d817967764e_JaffaCakes118
.exe windows:8 windows x86 arch:x86

913fc8ea1a85f530dc02d987ee43fe68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetLengthSid
RegQueryValueExA
RegCloseKey
OpenThreadToken
CopySid
RegOpenKeyW
SetSecurityDescriptorGroup
RegOpenKeyExW
RegSetValueW
InitializeSecurityDescriptor

msvcrt

?terminate@@YAXXZ
free
__set_app_type
_ftol
_itow
wcscpy
??2@YAPAXI@Z
__p__fmode
_controlfp
_wcsicmp
__p__commode
_XcptFilter
??3@YAXPAX@Z
exit
_beginthreadex
wcslen
__setusermatherr
_onexit
??1type_info@@UAE@XZ
swscanf
_CxxThrowException
malloc
_wcmdln
wcscmp
_adjust_fdiv
_exit

gdi32

DeleteObject
SelectObject
GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap

kernel32

lstrcpyW
ResetEvent
DeleteCriticalSection
VerSetConditionMask
lstrlenW
GetProcAddress
GetOverlappedResult
GlobalDeleteAtom
GetProcessHeap
GetStdHandle
GetSystemDirectoryW
LeaveCriticalSection
GetLastError
EnterCriticalSection
GetTickCount
CloseHandle
VirtualFree
GetStartupInfoW
SetThreadPriority
GetCommandLineW
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
VirtualAlloc
CloseHandle
SetProcessShutdownParameters
QueryPerformanceCounter
QueueUserAPC
InterlockedIncrement
CancelIo

atl

ord17
ord44
ord23
ord16
ord20
ord57
ord32

ole32

CoInitializeSecurity
CoTaskMemFree
CoInitializeEx

hid

HidD_GetAttributes
HidP_GetUsageValue
HidD_GetPreparsedData
HidD_GetHidGuid
HidP_GetUsages
HidP_GetSpecificButtonCaps
HidP_MaxUsageListLength

user32

SetWindowsHookExW
CloseDesktop
GetWindowLongW
PostMessageW
IsWindow
LoadStringW
SystemParametersInfoW
RegisterDeviceNotificationW
GetDC
ReleaseDC
GetMessageW
EnumDisplaySettingsW
CallWindowProcW
ClientToScreen
PtInRect
ShowWindow
DefWindowProcW
SetThreadDesktop
FillRect
EnumDisplayMonitors
CreateWindowExW
MonitorFromPoint
GetDesktopWindow
GetDoubleClickTime
GetSysColorBrush
InflateRect
SendInput
MonitorFromWindow
MoveWindow
UpdateLayeredWindow

setupapi

SetupDiGetClassDevsExW
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

913fc8ea1a85f530dc02d987ee43fe68

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msvcrt

gdi32

kernel32

atl

ole32

hid

user32

setupapi

Sections

.text Size: 197KB - Virtual size: 197KB

.data Size: 54KB - Virtual size: 54KB

.rsrc Size: 7KB - Virtual size: 568KB

.text
Size: 197KB - Virtual size: 197KB

.data
Size: 54KB - Virtual size: 54KB

.rsrc
Size: 7KB - Virtual size: 568KB