38bc7bd89053fe88dab92350b63f82f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38bc7bd89053fe88dab92350b63f82f1_JaffaCakes118
Size

271KB
MD5

38bc7bd89053fe88dab92350b63f82f1
SHA1

de8a040fc7a0ef3ea14bfa16816f8752350a2394
SHA256

fd41ad521483a37d4bdbf2ee5c4611353ffd0c27a9887a2381a6f02e44062ada
SHA512

4b20e5a3c4916c99248772fb7715f444a7c37fb5cb9acbfdc116b25849dc17997722ce25b9fff94ba728af60515433a36548043c06177e4647e1dd2645e19e0e
SSDEEP

6144:gGoe4J15pdpq+dOVSNJrxV6d9msI16ESkXJ97wEQ+:KPZJdrNVfY99W6SXJ97X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38bc7bd89053fe88dab92350b63f82f1_JaffaCakes118

Files

38bc7bd89053fe88dab92350b63f82f1_JaffaCakes118
.exe windows:1 windows x86 arch:x86

86b2300e16b1fa661e3c57456d5af703

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

hid

HidP_GetSpecificButtonCaps
HidP_GetUsages
HidD_FreePreparsedData
HidP_MaxUsageListLength
HidP_GetUsageValue
HidP_GetCaps
HidD_GetProductString
HidD_GetPreparsedData

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemAlloc

gdi32

SelectObject
DeleteObject

user32

SystemParametersInfoW
SetThreadDesktop
ClientToScreen
IntersectRect
SendInput
DestroyWindow
CreateWindowExW
DrawIconEx
GetWindowLongW
DestroyIcon
RegisterWindowMessageW
GetSystemMetrics
ShowWindow
GetThreadDesktop
GetDoubleClickTime
FillRect
EnumDisplaySettingsW
GetMonitorInfoW
CloseDesktop
PostThreadMessageW
CallNextHookEx
PtInRect
UnregisterDeviceNotification
GetMessageW
GetClientRect
EnumDisplayMonitors
MonitorFromWindow
OpenInputDesktop
GetPropW

msvcrt

??2@YAPAXI@Z
_c_exit
_wcmdln
??3@YAXPAX@Z
__p__fmode
?terminate@@YAXXZ
_cexit
__set_app_type
wcsstr
_CxxThrowException
__CxxFrameHandler
fclose
_purecall
_onexit
_CIpow
_except_handler3
swscanf
_wcsicmp
_wfopen
_XcptFilter
_vsnwprintf
malloc
_adjust_fdiv
exit
_ftol
free
__setusermatherr
__p__commode
wcslen
_exit

atl

ord57
ord17
ord16
ord32
ord30

kernel32

ResetEvent
SetEvent
VirtualAllocEx
CompareStringW
SetWaitableTimer
WaitForSingleObject
SetPriorityClass
CreateEventW
CloseHandle
CancelIo
InitializeCriticalSection
GetProcAddress
FreeLibrary
SetPriorityClass
HeapAlloc
GetTickCount
GetProcessWorkingSetSize
GetSystemDirectoryW
MulDiv
ReadFile
MapViewOfFile
GetModuleHandleA
QueryPerformanceCounter
VerifyVersionInfoW
GetCommandLineW
GetStartupInfoW
EnterCriticalSection
VerSetConditionMask
GetCurrentProcess
CreateFileMappingW
CreateMutexW
InterlockedIncrement
WaitForMultipleObjects
VirtualFree
CreateWaitableTimerW
GlobalAddAtomW
GetOverlappedResult
lstrlenW
QueryPerformanceFrequency
GetLastError
lstrcpyW

advapi32

RegCloseKey
RegOpenKeyW
OpenThreadToken
SetSecurityDescriptorDacl
RegSetValueExW
RegCreateKeyW
GetTokenInformation
RegOpenKeyExW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsExW

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86b2300e16b1fa661e3c57456d5af703

Headers

DLL Characteristics

File Characteristics

Imports

hid

ole32

gdi32

user32

msvcrt

atl

kernel32

advapi32

setupapi

Sections

.text Size: 185KB - Virtual size: 185KB

.data Size: 61KB - Virtual size: 61KB

.rsrc Size: 23KB - Virtual size: 528KB

.text
Size: 185KB - Virtual size: 185KB

.data
Size: 61KB - Virtual size: 61KB

.rsrc
Size: 23KB - Virtual size: 528KB