02f312ec325ad0cf61ac6608bf410260_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

02f312ec325ad0cf61ac6608bf410260_JaffaCakes118
Size

132KB
MD5

02f312ec325ad0cf61ac6608bf410260
SHA1

c66a4345b4253a1fa4bcdd9a6d7ae917b3f33e62
SHA256

3150cf73ac3cd4c4ac2a6501db8e2a4e971f00f57b23d4bfe073b180157399b9
SHA512

1d04f60c1d8448dc9ef91adbe5a5f5c8be8e4fdf1afddee1e60c60d54f69cd0b1e096852ad169a4a6f13ff280b09934a45cfc12165f7b1d97863cf3765c45eb7
SSDEEP

3072:DhUDFO0o0DohXyt/ur3VO7HepBH1Vs2DX3e:tUDF7EVgurVGEBAiu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02f312ec325ad0cf61ac6608bf410260_JaffaCakes118

Files

02f312ec325ad0cf61ac6608bf410260_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3c648e4906a0378652307a3307d31b39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\workarea\8.24.50.3\drivers\2d\dal\oemdspif\build\w32\B_rel\oemdspif.pdb

Imports

kernel32

GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
GetLocaleInfoA
VirtualProtect
GetSystemInfo
MultiByteToWideChar
TerminateProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetVersionExA
GetCurrentProcess
lstrcpyA
GetModuleHandleA
LCMapStringW
GetProcAddress
RtlUnwind
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
RaiseException
IsBadReadPtr
IsBadCodePtr
Sleep
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
InterlockedExchange
VirtualQuery
SetConsoleCtrlHandler
LCMapStringA
GetSystemTimeAsFileTime

user32

EnumDisplaySettingsA
ChangeDisplaySettingsExA
ChangeDisplaySettingsA
MessageBoxA
ExitWindowsEx
wsprintfA
IntersectRect
WindowFromDC
MapWindowPoints
SystemParametersInfoA
GetWindowRect
GetSystemMetrics

gdi32

GetDeviceCaps
CreateDCA
DeleteDC
ExtEscape
GetClipBox

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken

Exports

Exports

GetCRTCCapabilities
GetCRTCConfiguration
GetDisplayDeviceCapability
GetDisplayDeviceMode
GetDisplayDeviceSwitchCapability
GetDisplayDriverName
GetExtendedDesktopStatus
GetLCDI2CBusData
GetLCDRefreshRate
GetLCDRefreshRateCapability
GetPowerState
GetScreenExpansionStatus
GetStaticPowerState
GetTVStandard
IsExternalDisplayConnected
SetCRTCConfiguration
SetDisplayDeviceMode
SetExtendedDesktopStatus
SetLCDI2CBusData
SetLCDRefreshRate
SetPowerState
SetScreenExpansionStatus
SetStaticPowerState
SetTVStandard

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c648e4906a0378652307a3307d31b39

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 60KB - Virtual size: 60KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB