5c6c7d522454a5e56d2139d4bc0a8c99_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c6c7d522454a5e56d2139d4bc0a8c99_JaffaCakes118
Size

344KB
MD5

5c6c7d522454a5e56d2139d4bc0a8c99
SHA1

aeafc6ef6cc438dd98342a9b0f5d2862f86b0c3b
SHA256

73518bb5c7b6000b95090cace4034b6a9687aae572e0e4f032e4172698ba6da7
SHA512

19942eb8fa4f1b51ae85dff7924a86073a3367b1e264eb91b4ceeadcd7271a370deb47ed2445a90a0b1c133f0480e0ae22ed82ad13a540c60152677f4b00cd8d
SSDEEP

6144:W7JsZ0SmGylYx0gf0wDMAfjZvjf0Bc+ZcGQiVA/LuOCA:W7SZ0SclYJLoAfjtmc+Z7Q5V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c6c7d522454a5e56d2139d4bc0a8c99_JaffaCakes118

Files

5c6c7d522454a5e56d2139d4bc0a8c99_JaffaCakes118
.exe windows:6 windows x86 arch:x86

e4e1cf36b9f5f38ac4bf6b2565c7b2fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workarea\8.632.1.2\drivers\2d\dal\eeu\build\client\w7\B_rel\atieclxx.pdb

Imports

user32

DestroyWindow
PostQuitMessage
DefWindowProcA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA
DispatchMessageA
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetForegroundWindow
UnregisterDeviceNotification
RegisterDeviceNotificationA
PostThreadMessageA
KillTimer
SetTimer
EnumDisplaySettingsExA
EnumWindows
GetPropA
RedrawWindow
EnumDisplayDevicesA
SendInput
EnumDisplaySettingsA
ChangeDisplaySettingsExA
PostMessageA
GetMessageA

gdi32

D3DKMTCloseAdapter
D3DKMTQueryAdapterInfo
D3DKMTInvalidateActiveVidPn
D3DKMTOpenAdapterFromHdc
D3DKMTEscape
SetDeviceGammaRamp
CreateDCA
DeleteDC
D3DKMTPollDisplayChildren

advapi32

RegQueryValueExA
RegisterEventSourceA
ReportEventA
RegOpenCurrentUser
RegDeleteKeyA
RegOpenKeyExA
RegGetValueA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetCurrentHwProfileA

userenv

UnloadUserProfile
LoadUserProfileA

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationA
WTSRegisterSessionNotification

powrprof

PowerGetActiveScheme
PowerWriteACDefaultIndex
PowerWritePossibleValue
PowerWritePossibleFriendlyName
PowerCreatePossibleSetting
PowerWriteFriendlyName
PowerCreateSetting
PowerRemovePowerSetting
PowerReadDCValueIndex
PowerReadACValueIndex
PowerSettingAccessCheck
PowerEnumerate
PowerWriteDCValueIndex
PowerWriteACValueIndex
PowerSetActiveScheme
PowerWriteDCDefaultIndex

setupapi

CM_Reenumerate_DevNode
CM_Locate_DevNodeA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
CM_Get_Device_IDA
CM_Get_Parent
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiOpenDeviceInfoA
SetupDiGetDeviceInstanceIdA
CM_Get_Device_ID_ExA

kernel32

VirtualProtect
IsValidLocale
SetConsoleCtrlHandler
GetLocaleInfoA
InterlockedExchange
LoadLibraryExA
InitializeCriticalSection
CreateFileA
RaiseException
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
EnumSystemLocalesA
GetSystemInfo
VirtualQuery
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
ReadFile
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsValidCodePage
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapReAlloc
VirtualAlloc
SetFilePointer
FatalAppExitA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
MapViewOfFile
OpenFileMappingA
Sleep
OutputDebugStringA
WTSGetActiveConsoleSessionId
GetProcAddress
LoadLibraryA
FreeLibrary
CreateProcessA
LocalFree
GetLocalTime
GetTickCount
CloseHandle
GetExitCodeThread
CreateEventA
OpenEventA
WaitForSingleObject
WaitForMultipleObjects
SetEvent
ResetEvent
GetLastError
GetVersionExA
GetSystemDirectoryA
CreateThread
SetThreadPriority
CreateMutexA
OpenMutexA
ReleaseMutex
GetCurrentThreadId
WideCharToMultiByte
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetModuleHandleW
TlsGetValue
TlsAlloc

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4e1cf36b9f5f38ac4bf6b2565c7b2fc

Headers

File Characteristics

PDB Paths

Imports

user32

gdi32

advapi32

userenv

wtsapi32

powrprof

setupapi

kernel32

Sections

.text Size: 248KB - Virtual size: 244KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 248KB - Virtual size: 244KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 8KB - Virtual size: 4KB