Static task: static1
Behavioral task: behavioral1 (Sample: 61e8ca979a4ab8599da7b6eb110288ac_JaffaCakes118.exe, Resource: win7-20240708-en)
Behavioral task: behavioral2 (Sample: 61e8ca979a4ab8599da7b6eb110288ac_JaffaCakes118.exe, Resource: win10v2004-20240709-en)
General
Target: 61e8ca979a4ab8599da7b6eb110288ac_JaffaCakes118
Size: 249KB
MD5: 61e8ca979a4ab8599da7b6eb110288ac
SHA1: 118f70665920c6a13238fea9c993a1f72310c39d
SHA256: 1f1c99eeb2c9536ba46b461d9b8b5695d9ee66625a9624cf63ca552d649811df
SHA512: 4bdf1be9fe9f77d2d076c1180c5073e3cfe7424da5a9955d46541818e49917f267d77b32fb44192ff26395f8de25f79b37a758d3596d98df87c6cd29c98f072b
SSDEEP: 6144:gdwa3+gED43GHzt/S8VduyJW2qyqOSFrHZAEk:gdwa3/ED4aztdc2bqTtt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 61e8ca979a4ab8599da7b6eb110288ac_JaffaCakes118
Files
61e8ca979a4ab8599da7b6eb110288ac_JaffaCakes118.exe windows:4 windows x86 arch:x86
ff11b140303c6e89415ca11b6850571e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetProcAddress
GlobalDeleteAtom
WaitForSingleObject
FlushInstructionCache
GetTickCount
GetCurrentThread
GetProcessHeap
SetEvent
SetThreadPriority
CloseHandle
LocalFree
VerSetConditionMask
ReleaseMutex
VirtualAlloc
GetTickCount
GetEnvironmentVariableA
CreateMutexW
CloseHandle
GetCurrentThreadId
VirtualFree
CancelWaitableTimer
OpenProcess
DuplicateHandle
QueryPerformanceFrequency
GetCurrentProcess
DeleteCriticalSection
SetWaitableTimer
setupapi
SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
atl
ord45
ord23
ord58
ord32
ord30
hid
HidP_GetSpecificButtonCaps
HidP_GetSpecificValueCaps
HidP_GetUsageValue
HidD_GetAttributes
msvcrt
_cexit
_CIpow
_wcsicmp
swscanf
__set_app_type
wcscmp
?terminate@@YAXXZ
??2@YAPAXI@Z
_wcmdln
_CxxThrowException
__wgetmainargs
__setusermatherr
__p__fmode
??3@YAXPAX@Z
_ftol
_exit
_onexit
_c_exit
wcscpy
fputws
ole32
CoTaskMemFree
CoTaskMemAlloc
CoInitializeSecurity
CoInitializeEx
advapi32
InitializeSecurityDescriptor
OpenProcessToken
RegOpenKeyW
RegQueryValueExA
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExA
RegDeleteKeyW
RegSetValueW
gdi32
CreateCompatibleDC
user32
MoveWindow
UpdateLayeredWindow
GetUserObjectInformationW
GetMessageW
CallNextHookEx
GetDC
DrawIconEx
GetClientRect
SetWindowLongW
DestroyIcon
GetSysColor
WindowFromPoint
MonitorFromWindow
SetThreadDesktop
GetPropW
OpenDesktopW
SetWindowsHookExW
DispatchMessageW
Sections
.text Size: 186KB - Virtual size: 186KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 548KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ