5e5dfe5526f54aa4b4186276c04e70b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e5dfe5526f54aa4b4186276c04e70b9_JaffaCakes118
Size

269KB
MD5

5e5dfe5526f54aa4b4186276c04e70b9
SHA1

d95d49c4ab6fdc47171f037d74772bd62eb898b3
SHA256

69950be0f898e961422b743f1cf11a1fd3a79e38c609d155d9e694e408ebd039
SHA512

f8ec40a5062077518ba865b98ebab8e574bc7a7a44269120e51a7c4ea2d2ac4ed66e003425c3c7ec27c0a11b877b9284e31ac46e3e53d763a0defce2be846ddf
SSDEEP

6144:rCvcDBN/DvH7WJdjwIlY+8cj0350IZq+acWIlDs:rCvcDBN/DHCdjJWAI35Vq+acWIlDs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e5dfe5526f54aa4b4186276c04e70b9_JaffaCakes118

Files

5e5dfe5526f54aa4b4186276c04e70b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4d5c66350d8a5501d3f48b325b1eaa26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetEvent
CreateFileMappingW
CreateEventW
VirtualAlloc
UnmapViewOfFile
VerSetConditionMask
QueueUserAPC
MulDiv
WaitForSingleObject
GetProcessWorkingSetSize
GetTickCount
FlushInstructionCache
OpenProcess
CloseHandle
DeleteCriticalSection
SetPriorityClass
SetThreadExecutionState
SetProcessShutdownParameters
GetOverlappedResult
InterlockedDecrement
GetTickCount
CreateWaitableTimerW
QueryPerformanceFrequency
CancelWaitableTimer
CancelIo
GetCurrentProcess
VirtualFree
ReadFile
GetCurrentThreadId
LoadLibraryW
VerifyVersionInfoW
FreeLibrary
SetPriorityClass
GetLastError
InterlockedIncrement
MapViewOfFile

advapi32

SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
RegDeleteKeyW
RegCreateKeyW
OpenProcessToken
RegOpenKeyExA
SetSecurityDescriptorOwner
RegCreateKeyExW
GetLengthSid
RegQueryValueExW
RegCloseKey
RegEnumKeyW
RegOpenKeyW
RegSetValueExW

setupapi

SetupDiEnumDeviceInterfaces
SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiEnumDeviceInfo

hid

HidP_GetCaps
HidP_GetSpecificValueCaps
HidD_GetAttributes
HidP_MaxUsageListLength
HidP_GetUsages
HidD_GetPreparsedData
HidD_GetProductString

ole32

CoInitializeEx
CoTaskMemAlloc
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance

user32

EqualRect
MonitorFromPoint
ReleaseDC
OpenDesktopW
ShowWindow
IntersectRect
WindowFromPoint
PostMessageW
CallWindowProcW
GetDesktopWindow
PtInRect
GetMessageW
MoveWindow
SendInput
ClientToScreen
GetDC
CallNextHookEx
GetDoubleClickTime
GetAncestor
SystemParametersInfoW
SetWindowsHookExW
UnhookWindowsHookEx
RegisterDeviceNotificationW
CloseDesktop
DestroyIcon
DestroyWindow

msvcrt

??3@YAXPAX@Z
_itow
__dllonexit
_CIpow
_except_handler3
_purecall
?terminate@@YAXXZ
_exit
_CxxThrowException
_wfopen
fclose
swscanf
__p__commode
_beginthreadex
_vsnwprintf
_ftol
__wgetmainargs
fputws
_controlfp

gdi32

DeleteDC
SelectObject
CreateCompatibleDC

atl

ord57
ord32
ord20
ord23

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d5c66350d8a5501d3f48b325b1eaa26

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

setupapi

hid

ole32

user32

msvcrt

gdi32

atl

Sections

.text Size: 177KB - Virtual size: 177KB

.data Size: 71KB - Virtual size: 71KB

.rsrc Size: 19KB - Virtual size: 572KB

.text
Size: 177KB - Virtual size: 177KB

.data
Size: 71KB - Virtual size: 71KB

.rsrc
Size: 19KB - Virtual size: 572KB