44c04c1c75edc24bf2f5b702e390a989_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44c04c1c75edc24bf2f5b702e390a989_JaffaCakes118
Size

262KB
MD5

44c04c1c75edc24bf2f5b702e390a989
SHA1

8b8e49d99301511dc022440bed7defcb65aaf606
SHA256

896bf495d5c1f3b169fbcf09a954bbfcaba65c765ae9260ee29d3e26339f19a2
SHA512

fedc317296eb973ebb922841242ad71baa7f89e886753af2bd3030fc9eec80dda9ec818ebb5d2c010eb78403cc95d92d654a1ae85366ee11aebbe429ddeb6d48
SSDEEP

6144:TB+jdXY/hiL7lJ73JvI5hvPdbk7jMIrv5FE0SI0C8Oz4:N+xy2BJ73JgjndIZF3SI0C8Oz4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44c04c1c75edc24bf2f5b702e390a989_JaffaCakes118

Files

44c04c1c75edc24bf2f5b702e390a989_JaffaCakes118
.exe windows:3 windows x86 arch:x86

86f62e3cf22a5bc16d4f7b30787e22ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

atl

ord30
ord32
ord16
ord20
ord17
ord43
ord44

advapi32

RegOpenKeyExW
GetTokenInformation
RegDeleteKeyW
RegEnumKeyW
CopySid
RegOpenKeyW
OpenProcessToken
SetSecurityDescriptorDacl
OpenThreadToken
GetLengthSid
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegQueryValueExW
RegSetValueExW
RegQueryValueExA

msvcrt

wcscpy
?terminate@@YAXXZ
__p__commode
swscanf
wcsstr
_controlfp
__wgetmainargs
_c_exit
__set_app_type
_XcptFilter
_adjust_fdiv
__p__fmode
??1type_info@@UAE@XZ
_ftol
_CIpow
_wfopen
__setusermatherr
_wcmdln
_exit
??2@YAPAXI@Z
fputws

gdi32

DeleteDC
CreateSolidBrush
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap

hid

HidD_FreePreparsedData
HidD_GetAttributes
HidP_GetSpecificValueCaps
HidP_GetSpecificButtonCaps
HidP_GetCaps
HidD_GetHidGuid

ole32

CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoTaskMemFree

kernel32

GetCurrentThreadId
GetProcessWorkingSetSize
GetCurrentThread
SetThreadExecutionState
FreeLibrary
InitializeCriticalSectionAndSpinCount
VirtualFree
FlushInstructionCache
SetPriorityClass
InterlockedIncrement
QueryPerformanceCounter
WaitForMultipleObjects
lstrcpyW
DuplicateHandle
GetCommandLineW
OpenProcess
CreateEventW
EnterCriticalSection
LeaveCriticalSection
CreateFileMappingW
GetSystemDirectoryW
SetWaitableTimer
GetTickCount
CancelIo
VerifyVersionInfoW
SetPriorityClass
InterlockedDecrement
DeleteCriticalSection
SetProcessShutdownParameters
UnmapViewOfFile
GetCurrentProcess
CreateFileW
QueryPerformanceFrequency
VirtualAlloc
GetProcessHeap
GetModuleHandleA
CancelWaitableTimer
MulDiv
lstrlenW
CloseHandle
WaitForMultipleObjectsEx
GetTickCount
CloseHandle

user32

DefWindowProcW
GetDesktopWindow
OpenDesktopW
MonitorFromWindow
DispatchMessageW
IntersectRect
GetMessageW
IsWindow
ReleaseDC
GetSysColorBrush
CallNextHookEx
CallWindowProcW
LoadStringW
SetWindowsHookExW
CloseDesktop
UnregisterDeviceNotification
DestroyWindow
GetUserObjectInformationW
CharNextW
OpenInputDesktop
PostThreadMessageW
UnhookWindowsHookEx
CreateWindowExW
EnumDisplaySettingsW
EqualRect

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86f62e3cf22a5bc16d4f7b30787e22ab

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

atl

advapi32

msvcrt

gdi32

hid

ole32

kernel32

user32

Sections

.text Size: 173KB - Virtual size: 173KB

.data Size: 70KB - Virtual size: 70KB

.rsrc Size: 17KB - Virtual size: 544KB

.text
Size: 173KB - Virtual size: 173KB

.data
Size: 70KB - Virtual size: 70KB

.rsrc
Size: 17KB - Virtual size: 544KB