3e8957b64a364beaa4a2f59642689bf9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e8957b64a364beaa4a2f59642689bf9_JaffaCakes118
Size

252KB
MD5

3e8957b64a364beaa4a2f59642689bf9
SHA1

155225c9cd34f6f42dc6c8d588c57eeed393d544
SHA256

b8efbb2c0621de26e9b11bbd7bff57438276b55350d1cafb6cb8bc717dbeabb3
SHA512

886120f05ebbe58ffdb7be0e0ffba3f9a5c043478ae4d6fc2ffbd672eba2045a27f5b0b9f5c268368d20c3605d5f108f697b917f6d6a690fcb3d49e018377940
SSDEEP

6144:jOvH/zzlDT++fErDLTqByqHwdAdTO44gcgJdIKmJTL20T+yvqI:+H/zzRT++u7qBrHXROY5QTTq1I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e8957b64a364beaa4a2f59642689bf9_JaffaCakes118

Files

3e8957b64a364beaa4a2f59642689bf9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6cb9273e28fd34befa50e117ca004f01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetTickCount
OpenProcess
GetStdHandle
QueryPerformanceFrequency
VirtualAlloc
VerSetConditionMask
SetProcessShutdownParameters
VirtualFree
InterlockedIncrement
GetStartupInfoW
ResetEvent
InterlockedDecrement
GetCurrentThreadId
MapViewOfFile
SetThreadPriority
CloseHandle
GlobalDeleteAtom
HeapFree
DuplicateHandle
DeleteCriticalSection
CancelIo
ReadFile
FreeLibrary
ReleaseMutex
GetLastError
GetCommandLineW
CreateFileW
lstrlenW
LoadLibraryW
SetThreadExecutionState
LeaveCriticalSection
WaitForMultipleObjects
WaitForSingleObject
SetProcessShutdownParameters
SetEvent
GetProcAddress
CancelWaitableTimer
QueueUserAPC

advapi32

InitializeSecurityDescriptor
RegSetValueW
RegOpenKeyW
GetLengthSid
OpenThreadToken
RegEnumKeyW
RegSetValueExW
RegCloseKey
SetSecurityDescriptorDacl
RegQueryValueExW

msvcrt

_initterm
wcscmp
_CIpow
fclose
__p__fmode
_vsnwprintf
_controlfp
__p__commode
_XcptFilter
_ftol
_onexit
wcstol
??3@YAXPAX@Z
__CxxFrameHandler
__wgetmainargs
wcsstr
fputws
swscanf
__setusermatherr
_exit
_adjust_fdiv
__set_app_type

user32

GetMonitorInfoW
SendInput
UpdateLayeredWindow
DefWindowProcW
PostThreadMessageW
GetClientRect
DrawIconEx
SetCursorPos
MonitorFromPoint
GetPropW
GetThreadDesktop
GetWindowLongW
DestroyWindow
CloseDesktop
SetWindowsHookExW
RegisterDeviceNotificationW
GetSystemMetrics
DestroyIcon
DispatchMessageW
InflateRect
CreateWindowExW
OpenInputDesktop
CallWindowProcW
GetDoubleClickTime
SetWindowLongW
PtInRect
GetMessageW
GetUserObjectInformationW
UnregisterDeviceNotification

hid

HidP_GetUsages
HidD_GetPreparsedData
HidP_GetSpecificValueCaps
HidP_GetCaps
HidD_GetProductString
HidD_GetAttributes
HidP_GetSpecificButtonCaps

atl

ord43
ord18
ord44
ord30
ord32
ord20
ord45
ord58
ord57

gdi32

DeleteDC
CreateCompatibleBitmap
SelectObject

setupapi

SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx

Sections

.text
Size: 210KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cb9273e28fd34befa50e117ca004f01

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcrt

user32

hid

atl

gdi32

setupapi

ole32

Sections

.text Size: 210KB - Virtual size: 210KB

.data Size: 35KB - Virtual size: 34KB

.rsrc Size: 5KB - Virtual size: 532KB

.text
Size: 210KB - Virtual size: 210KB

.data
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 5KB - Virtual size: 532KB