Static task: static1
Behavioral task: behavioral1
Sample: 1b57fa3e29494c9b60d237435747020e_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 1b57fa3e29494c9b60d237435747020e_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 1b57fa3e29494c9b60d237435747020e_JaffaCakes118
Size: 280KB
MD5: 1b57fa3e29494c9b60d237435747020e
SHA1: 435b98f3420c10d0ffb66a3e9fce586f4deda598
SHA256: 384f76030001bf7a22149c4827e643b48b06b64669fc8baed6db7b49c6ef1170
SHA512: 29e33cad213b5438eacaf04a5524970a2d3cef2daa543a5f93b8ae509f69f5ca533f28cc56e832460604a502a702ef660a4021f74e4ce5edf09072b1a87cde2c
SSDEEP: 6144:AFTCjuIUqAcminCdQeneZ/EboV/3PGAco1QAGXICDHpqQquW4ZepMArz:5qfq5UnK/Wo/fBrmBHo3VpMArz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1b57fa3e29494c9b60d237435747020e_JaffaCakes118
Files
1b57fa3e29494c9b60d237435747020e_JaffaCakes118.exe windows:5 windows x86 arch:x86
88b1dcd572b0cddaef6167a0573cd521
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
msvcrt
_adjust_fdiv
__dllonexit
__wgetmainargs
wcscmp
_controlfp
malloc
__setusermatherr
__p__fmode
_beginthreadex
_exit
_except_handler3
_ftol
__p__commode
exit
wcscpy
ole32
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
user32
EqualRect
GetUserObjectInformationW
CallWindowProcW
EnumDisplayMonitors
FillRect
GetPropW
GetClientRect
MonitorFromPoint
WindowFromPoint
GetDesktopWindow
DestroyIcon
GetSysColorBrush
InflateRect
CreateWindowExW
CharNextW
UnregisterDeviceNotification
GetDoubleClickTime
LoadImageW
GetSystemMetrics
MonitorFromWindow
GetAncestor
SetThreadDesktop
PostMessageW
LoadStringW
atl
ord58
ord17
gdi32
GetDeviceCaps
SelectObject
DeleteObject
setupapi
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo
SetupDiGetClassDevsExW
SetupDiGetDeviceInterfaceDetailW
advapi32
OpenThreadToken
RegOpenKeyExA
SetSecurityDescriptorOwner
RegQueryValueExW
GetTokenInformation
SetSecurityDescriptorDacl
RegOpenKeyW
RegCreateKeyW
RegQueryValueExA
RegOpenKeyExW
kernel32
GetTickCount
QueryPerformanceFrequency
lstrlenW
CancelWaitableTimer
GetProcAddress
MapViewOfFile
GetOverlappedResult
ReadFile
OpenEventW
GetCurrentThread
GetTickCount
WaitForMultipleObjectsEx
SetThreadExecutionState
LoadLibraryW
HeapFree
GlobalDeleteAtom
SetPriorityClass
DuplicateHandle
CloseHandle
WaitForSingleObject
GetCurrentProcess
CompareStringW
UnmapViewOfFile
lstrcpyW
CloseHandle
VerifyVersionInfoW
EnterCriticalSection
WaitForMultipleObjects
GetSystemDirectoryW
GetProcessShutdownParameters
VirtualFree
GetModuleHandleA
SetProcessShutdownParameters
VirtualAllocEx
ReleaseMutex
CreateWaitableTimerW
InitializeCriticalSection
hid
HidP_GetCaps
HidD_GetPreparsedData
Sections
.text Size: 177KB - Virtual size: 177KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 71KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 584KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ