fcec6397e179511bee1db32175f69213_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fcec6397e179511bee1db32175f69213_JaffaCakes118
Size

473KB
MD5

fcec6397e179511bee1db32175f69213
SHA1

4f7758beb2367842b9329a5f3c0cdc195ee4b953
SHA256

21be2f39ef9bf964fc10e2301d116cde74e9e7bf9e38ad7411815f341ea683f2
SHA512

f7d01bef4a63119a17f64df3d439e4ba92375ccc03be5cf30636865518908d56625cef200a78df622042433f7a716f35161ffe9b6a43e5fbc808139e389d2a71
SSDEEP

12288:NX/cvjzjUNHanX2yUVBWW8J1922Gnido1z35kHs1p:F/cvjzjYa9UVwL19oiuV1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcec6397e179511bee1db32175f69213_JaffaCakes118

Files

fcec6397e179511bee1db32175f69213_JaffaCakes118
.exe windows:4 windows x64 arch:x64

7023e4ab55c2d0728f5a28b89e0f3ca0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\vss2013\source\glidepoint5\app\hidmonitorsvc.exe\00_alps\x86_x64(vs2005)\x64\release\HidMonitorSvc.pdb

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces

hid

HidD_GetAttributes
HidD_FreePreparsedData
HidP_GetCaps
HidD_GetPreparsedData
HidD_GetHidGuid

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationW

shlwapi

PathFileExistsW

kernel32

CreateFileW
CloseHandle
GetLastError
Sleep
CreateEventW
GetVersionExW
HeapSize
GetTickCount
SetEvent
lstrcatW
FreeLibrary
LoadLibraryW
GetProcAddress
ExpandEnvironmentStringsW
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetSystemDirectoryW
WriteConsoleW
CreateFileA
FlushFileBuffers
WaitForSingleObject
IsValidCodePage
InitializeCriticalSection
LoadLibraryA
HeapAlloc
HeapFree
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
RtlUnwindEx
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA

user32

UnregisterDeviceNotification
RegisterDeviceNotificationW

advapi32

RegQueryValueExW
RegSetValueExW
StartServiceCtrlDispatcherW
CreateProcessAsUserW
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegCloseKey
RegEnumValueW
RegOpenKeyExW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 396KB - Virtual size: 736KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7023e4ab55c2d0728f5a28b89e0f3ca0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

hid

wtsapi32

shlwapi

kernel32

user32

advapi32

userenv

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 5KB - Virtual size: 15KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 396KB - Virtual size: 736KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 15KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 396KB - Virtual size: 736KB