Static task: static1
Behavioral task: behavioral1 (Sample: 2b47033bc7510a32e5e0fd2932c72e65_JaffaCakes118.exe, Resource: win7-20240705-en)
Behavioral task: behavioral2 (Sample: 2b47033bc7510a32e5e0fd2932c72e65_JaffaCakes118.exe, Resource: win10v2004-20240508-en)
General
Target: 2b47033bc7510a32e5e0fd2932c72e65_JaffaCakes118
Size: 257KB
MD5: 2b47033bc7510a32e5e0fd2932c72e65
SHA1: 08c0aec198ea0cb2fdc5aa9124e3066e185ba332
SHA256: d3ac587a0387abd6c87347c7cc1db4d4a1ec5f7ac9673b7c7d4d5dd6753d5896
SHA512: 1e892504d47eab2b767e2063fe246fc24c499bd7eff82fda2a29f385199f5438a6c45550ee4a6618dd979cbbccb4d132d741b8d118bc56b3b9392ce96f8bf72d
SSDEEP: 6144:uPO/5cwVowItMNT73FJ5F43UpPGgA+dyR45r6Ks:Z5vWDtcT73rXfA+8WLs
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2b47033bc7510a32e5e0fd2932c72e65_JaffaCakes118
Files
2b47033bc7510a32e5e0fd2932c72e65_JaffaCakes118.exe windows:5 windows x86 arch:x86
6e418a924438e9eeec0c4b214d193f2d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
CancelWaitableTimer
UnmapViewOfFile
FreeLibrary
HeapFree
ResetEvent
GetProcessShutdownParameters
FlushInstructionCache
QueueUserAPC
MapViewOfFile
SetPriorityClass
CloseHandle
VerSetConditionMask
LoadLibraryW
SetProcessShutdownParameters
WaitForSingleObject
GetCurrentThread
DuplicateHandle
GetCurrentProcess
GetTickCount
CreateFileW
EnterCriticalSection
GetProcAddress
SetWaitableTimer
GetCurrentThreadId
SetThreadPriority
GetOverlappedResult
VirtualFree
InterlockedIncrement
MulDiv
VirtualAllocEx
GetProcessHeap
CancelIo
VerifyVersionInfoW
GlobalAddAtomW
QueryPerformanceCounter
SetPriorityClass
InterlockedDecrement
GetModuleHandleA
GetTickCount
CreateFileMappingW
ReleaseMutex
gdi32
DeleteDC
CreateCompatibleDC
GetDeviceCaps
CreateSolidBrush
atl
ord23
ord16
ord18
ord17
msvcrt
_wcsicmp
_onexit
_CxxThrowException
wcscpy
__p__commode
swscanf
malloc
_adjust_fdiv
wcscmp
_purecall
_CIpow
__dllonexit
_cexit
__set_app_type
__setusermatherr
__p__fmode
_c_exit
_vsnwprintf
wcsstr
__wgetmainargs
_initterm
_itow
wcstol
__CxxFrameHandler
??3@YAXPAX@Z
??1type_info@@UAE@XZ
free
fputws
hid
HidD_GetHidGuid
HidD_GetProductString
HidP_GetUsageValue
HidP_GetUsages
ole32
CoInitializeEx
CoTaskMemAlloc
user32
DestroyIcon
MonitorFromPoint
GetAncestor
PostThreadMessageW
FillRect
UnhookWindowsHookEx
MoveWindow
CallWindowProcW
DestroyWindow
CloseDesktop
SetWindowLongW
PostMessageW
GetDC
LoadStringW
SystemParametersInfoW
OpenInputDesktop
GetUserObjectInformationW
LoadImageW
DefWindowProcW
IntersectRect
PtInRect
RegisterDeviceNotificationW
GetDoubleClickTime
MonitorFromWindow
GetDesktopWindow
ReleaseDC
setupapi
SetupDiEnumDeviceInterfaces
SetupDiOpenDevRegKey
advapi32
OpenThreadToken
RegOpenKeyW
RegOpenKeyExW
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetLengthSid
RegQueryValueExW
RegCreateKeyExW
OpenProcessToken
Sections
.text Size: 170KB - Virtual size: 170KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 592KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ