Static task: static1
Behavioral task: behavioral1
Sample: 0dcf19e167be7c6eb6e729f7d01c3435_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 0dcf19e167be7c6eb6e729f7d01c3435_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 0dcf19e167be7c6eb6e729f7d01c3435_JaffaCakes118
Size: 256KB
MD5: 0dcf19e167be7c6eb6e729f7d01c3435
SHA1: 40a02667cdef6b9098fe8bb515773f7008c83cab
SHA256: 8af2d892410f68b1239bd33b4e8e90a63d81bc240136aafcc93dce4429d0a255
SHA512: 64197643d364bb63beb4eef66f9805fac56b0cf174f633843eb75a5947263d5442231a1ce73414d9c1df4cbad99e8037ac336b22e85f371d860b240fe648bcdf
SSDEEP: 6144:ZlE9AeNGBHzsMBvN8JAi0IpH+QR9g7JkwIJ8l1rbxi:ZlPeazoJc0+Q3g7Jke9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0dcf19e167be7c6eb6e729f7d01c3435_JaffaCakes118
Files
0dcf19e167be7c6eb6e729f7d01c3435_JaffaCakes118.exe windows:0 windows x86 arch:x86
ce3ff7742a3f6c9baa49972d53950398
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
RegCreateKeyW
RegCreateKeyExW
GetLengthSid
RegSetValueW
OpenProcessToken
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
GetTokenInformation
SetSecurityDescriptorDacl
RegSetValueExW
CopySid
RegDeleteKeyW
user32
MoveWindow
CreateWindowExW
OpenDesktopW
InflateRect
CallWindowProcW
GetDC
GetUserObjectInformationW
GetDoubleClickTime
RegisterWindowMessageW
GetMessageW
RegisterDeviceNotificationW
LoadImageW
MonitorFromPoint
GetWindowLongW
ClientToScreen
MonitorFromWindow
DestroyIcon
SystemParametersInfoW
PostThreadMessageW
ShowWindow
EnumDisplaySettingsW
SetCursorPos
PostMessageW
SetThreadDesktop
GetDesktopWindow
SetWindowsHookExW
GetThreadDesktop
UnregisterDeviceNotification
WindowFromPoint
GetClientRect
IntersectRect
DestroyWindow
CallNextHookEx
atl
ord58
ord18
ord16
ord45
ord57
ord43
msvcrt
swscanf
??3@YAXPAX@Z
_adjust_fdiv
_controlfp
_except_handler3
_c_exit
_onexit
wcscmp
_cexit
_initterm
wcscpy
_CIpow
_wcsicmp
wcstol
_wfopen
__setusermatherr
_XcptFilter
??1type_info@@UAE@XZ
_ftol
wcsstr
_CxxThrowException
__wgetmainargs
_vsnwprintf
_beginthreadex
ole32
CoInitializeSecurity
CoTaskMemFree
kernel32
SetPriorityClass
SetThreadExecutionState
GetCommandLineW
GetProcessHeap
LeaveCriticalSection
VirtualAlloc
EnterCriticalSection
GetTickCount
FlushInstructionCache
DeleteCriticalSection
CancelIo
GetProcessWorkingSetSize
GlobalDeleteAtom
WaitForMultipleObjects
ResetEvent
InitializeCriticalSection
SetThreadPriority
CloseHandle
ReadFile
UnmapViewOfFile
VirtualFree
QueryPerformanceFrequency
InitializeCriticalSectionAndSpinCount
MapViewOfFile
GetTickCount
MulDiv
GetOverlappedResult
GetProcAddress
SetPriorityClass
QueryPerformanceCounter
InterlockedIncrement
CreateMutexW
SetProcessShutdownParameters
GetModuleHandleA
GetStartupInfoW
lstrcpyW
ReleaseMutex
SetWaitableTimer
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
gdi32
GetDeviceCaps
SelectObject
CreateCompatibleDC
CreateSolidBrush
DeleteDC
hid
HidP_GetSpecificValueCaps
HidP_MaxUsageListLength
Sections
.text Size: 164KB - Virtual size: 164KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 78KB - Virtual size: 78KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 560KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ