0173a5388227f283769a1c4754504bdf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0173a5388227f283769a1c4754504bdf_JaffaCakes118
Size

273KB
MD5

0173a5388227f283769a1c4754504bdf
SHA1

a879fc6fc7ccb5df154a1287766856db569f0879
SHA256

20f6cce4c7ca7591dc1a424bf78ec6c86dd2f7ed6dc71aa44475437e83b6ee21
SHA512

1a0f1c454e8b5806c3b9ba8129ed1c28d5d8a775b73df4f29704c5656db155aac2b06bfae784e6b9d4016907a453ac8b1bd2264c908271d86de2ce0e24af01f3
SSDEEP

6144:3l60pmokKrdS+qfMK9tQh7IzZWEcIQGuxyDmLdaGqo1lGzK8KyNpBW:3cc3lrnq3tQhclWZIQG+1jq8vKNrW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0173a5388227f283769a1c4754504bdf_JaffaCakes118

Files

0173a5388227f283769a1c4754504bdf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6f278896b9e93ea10a0c968a7cf90957

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegDeleteKeyW
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExW
OpenThreadToken
GetTokenInformation
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegSetValueExW
RegSetValueW
RegQueryValueExA

kernel32

FreeLibrary
GetCurrentProcess
QueryPerformanceFrequency
GetOverlappedResult
CancelWaitableTimer
InitializeCriticalSection
CreateFileMappingW
EnterCriticalSection
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
GetProcessHeap
GetTickCount
VirtualFree
DeleteCriticalSection
GetStartupInfoW
DuplicateHandle
LeaveCriticalSection
GetCurrentThread
CreateWaitableTimerW
VirtualAlloc
WaitForMultipleObjectsEx
GetLastError
GetProcessWorkingSetSize
HeapAlloc
CreateMutexW
CloseHandle
QueueUserAPC
SetPriorityClass
OpenEventW
CloseHandle
ReadFile
InterlockedDecrement
SetProcessShutdownParameters

gdi32

DeleteObject
SelectObject
CreateSolidBrush
DeleteDC

msvcrt

wcsstr
_onexit
??2@YAPAXI@Z
_vsnwprintf
_ftol
wcscpy
_cexit
_wcmdln
_c_exit
_wfopen
_initterm
??3@YAXPAX@Z
_except_handler3
_CIpow
swscanf
__CxxFrameHandler
?terminate@@YAXXZ
exit
malloc
_XcptFilter
__p__fmode
_adjust_fdiv
_wcsicmp
__p__commode
??1type_info@@UAE@XZ
_itow
fputws
wcslen
__setusermatherr
wcstol
free

ole32

CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoTaskMemFree

hid

HidP_GetUsageValue
HidP_GetCaps
HidP_GetUsages
HidD_GetAttributes
HidD_GetHidGuid

user32

PostThreadMessageW
SetCursorPos
GetSystemMetrics
GetThreadDesktop
EnumDisplaySettingsW
RegisterDeviceNotificationW
CallNextHookEx
PostMessageW
SetThreadDesktop
GetUserObjectInformationW
MoveWindow
GetDoubleClickTime
ClientToScreen
FillRect
GetClientRect
EnumDisplayMonitors
DestroyWindow
GetPropW
GetAncestor
LoadStringW
RegisterWindowMessageW
GetMonitorInfoW
SetWindowLongW
CreateWindowExW
GetSysColor
LoadImageW
WindowFromPoint
InflateRect
CharNextW
MonitorFromPoint
CallWindowProcW
DestroyIcon
GetDC
IntersectRect
IsWindow
DispatchMessageW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey

atl

ord43
ord16
ord23
ord17
ord57

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f278896b9e93ea10a0c968a7cf90957

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

msvcrt

ole32

hid

user32

setupapi

atl

Sections

.text Size: 176KB - Virtual size: 176KB

.data Size: 72KB - Virtual size: 72KB

.rsrc Size: 23KB - Virtual size: 580KB

.text
Size: 176KB - Virtual size: 176KB

.data
Size: 72KB - Virtual size: 72KB

.rsrc
Size: 23KB - Virtual size: 580KB