683f551db1d5908166cd7f0247f11738_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

683f551db1d5908166cd7f0247f11738_JaffaCakes118
Size

548KB
MD5

683f551db1d5908166cd7f0247f11738
SHA1

38f09dcd137981894c5a65961ae20fcad755a227
SHA256

f223f24ab393fd074051ec67100926613cba6c6d924083639dc7bcdbc3dfca4d
SHA512

94276909c581b705f6fccd20b67265023499cec0ec2e97741629d12276dc4b1a5c687f0555a6eb0d6fa92b5b28fa59f439007d3d7b41fbe95245194d9c06b01b
SSDEEP

12288:VTXKA583/NZllTlxG8whb58k7DK0aYJra3I:VzKE8vTllTPWDWYJra3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
683f551db1d5908166cd7f0247f11738_JaffaCakes118

Files

683f551db1d5908166cd7f0247f11738_JaffaCakes118
.exe windows:5 windows x86 arch:x86

41633f5359707a97aaad5fd3a11c8a7f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workarea\8.503.2.2\drivers\2d\dal\extevents\polling\build\w32\B_rel\ati2evxx.pdb

Imports

kernel32

FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeA
GetTickCount
LocalFree
LocalAlloc
OpenFile
GetLocalTime
Beep
GetPrivateProfileStringA
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
CreateFileMappingA
QueryPerformanceCounter
DisconnectNamedPipe
SetStdHandle
SetConsoleCtrlHandler
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
ReadFile
SetUnhandledExceptionFilter
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
RaiseException
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
VirtualQuery
InterlockedExchange
HeapSize
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
IsBadReadPtr
RtlUnwind
GetCurrentThread
SetThreadPriority
GetSystemDirectoryA
CreateProcessA
OpenProcess
ExitThread
TerminateThread
GetCurrentProcess
WideCharToMultiByte
DeleteFileA
GetProcessHeap
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
GetCurrentProcessId
CreateSemaphoreA
InterlockedDecrement
InterlockedIncrement
PulseEvent
CreateMutexA
ReleaseSemaphore
DeviceIoControl
GetVersionExA
GetSystemPowerStatus
CreateThread
GetModuleFileNameA
GetExitCodeProcess
TerminateProcess
GetSystemTime
CreateFileA
SetFilePointer
WriteFile
ExitProcess
OpenMutexA
ReleaseMutex
OutputDebugStringA
CallNamedPipeA
GetProcAddress
FreeLibrary
LoadLibraryA
OpenEventA
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
ResetEvent
Sleep
GetLastError
CloseHandle
IsBadCodePtr
GetCurrentThreadId

user32

DestroyWindow
EnumDisplaySettingsA
KillTimer
UnregisterDeviceNotification
RegisterDeviceNotificationA
SystemParametersInfoA
SendInput
EnumWindows
SendMessageA
GetPropA
RegisterWindowMessageA
RegisterHotKey
UnregisterHotKey
GetForegroundWindow
GetDesktopWindow
OpenDesktopA
BroadcastSystemMessageA
ExitWindowsEx
SendNotifyMessageA
MsgWaitForMultipleObjects
GetCursorPos
MonitorFromPoint
GetMonitorInfoA
GetMessageA
DispatchMessageA
TranslateMessage
IsWindow
GetWindowThreadProcessId
DefWindowProcA
PostMessageA
FindWindowA
RegisterClassA
CreateWindowExA
ShowWindow
MessageBoxA
EnumDisplayDevicesA
ChangeDisplaySettingsExA
ChangeDisplaySettingsA
EnumDisplaySettingsExA
GetSystemMetrics
SetWindowPos
GetCursor
LoadCursorA
SetCursor
SetTimer
CloseDesktop

gdi32

DeleteDC
CreateDCA
ExtEscape

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

userenv

UnloadUserProfile
LoadUserProfileA
GetUserProfileDirectoryW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameA

setupapi

SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInfoListDetailA
SetupDiGetClassDevsA
SetupDiSetClassInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceInstanceIdA
CM_Reenumerate_DevNode
CM_Get_DevNode_Registry_PropertyA
CM_Get_Device_ID_ExA
CM_Get_Parent
SetupDiCallClassInstaller

advapi32

RegisterEventSourceA
DeregisterEventSource
StartServiceA
RegSetValueExA
QueryServiceStatus
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
RegDeleteValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetServiceStatus
CreateProcessAsUserA
RegCreateKeyA
CreateServiceA
DeleteService
RegisterServiceCtrlHandlerExA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegOpenCurrentUser
FreeSid
RegCreateKeyExA
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorOwner
AllocateAndInitializeSid
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
GetLengthSid
OpenProcessToken
CheckTokenMembership
AdjustTokenPrivileges
LookupPrivilegeValueA
RevertToSelf
GetUserNameA
ImpersonateLoggedOnUser
SetThreadToken
OpenThreadToken
ReportEventA

Sections

.text
Size: 384KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41633f5359707a97aaad5fd3a11c8a7f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

oleaut32

userenv

psapi

setupapi

advapi32

Sections

.text Size: 384KB - Virtual size: 381KB

.rdata Size: 144KB - Virtual size: 141KB

.data Size: 8KB - Virtual size: 30KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 384KB - Virtual size: 381KB

.rdata
Size: 144KB - Virtual size: 141KB

.data
Size: 8KB - Virtual size: 30KB

.rsrc
Size: 8KB - Virtual size: 4KB