68aea72a7f308ae7c30844397768281a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

68aea72a7f308ae7c30844397768281a_JaffaCakes118
Size

276KB
MD5

68aea72a7f308ae7c30844397768281a
SHA1

1540bbfa8d72369e898653f71e11ea8193bd918f
SHA256

59bdfba3a112dd41264c6a8a6d567524c42d6fe03c3af1b302e7d0827da587b1
SHA512

fd025964b26edb8b617d2f2140043a6a9feadf5f515bdb9897130684ebb10e9a490aebc9e608e325dc76ff837f1cc1cb9a3ae1a37f0cba8162d90d263ceb9f4e
SSDEEP

6144:TPEcwoMcCpkWEvi6D0nAHcMkt5/wBEh2e6Cxrod3X:Tz71i/Evi6onSk7wOTrod3X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68aea72a7f308ae7c30844397768281a_JaffaCakes118

Files

68aea72a7f308ae7c30844397768281a_JaffaCakes118
.exe windows:2 windows x86 arch:x86

547951e6f08a68e171cb3aed57b23a10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

OpenProcessToken
RegCreateKeyW
RegCreateKeyExW
CopySid
SetSecurityDescriptorOwner

setupapi

SetupDiOpenDevRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsExW

atl

ord32
ord30
ord57
ord58
ord16
ord43
ord18
ord44

gdi32

CreateCompatibleDC

user32

DestroyWindow
ClientToScreen
SendInput
IsWindow
LoadImageW
GetWindowLongW
CreateWindowExW
UnregisterDeviceNotification
GetThreadDesktop
OpenInputDesktop
UpdateLayeredWindow
GetMessageW
GetSysColorBrush
SetThreadDesktop
DestroyIcon
PtInRect
EnumDisplaySettingsW
SetWindowsHookExW
SetCursorPos
CallNextHookEx
GetDesktopWindow
GetSysColor
CallWindowProcW
GetDoubleClickTime
SystemParametersInfoW
MonitorFromWindow
EqualRect
DrawIconEx
UnhookWindowsHookEx
InflateRect

hid

HidD_FreePreparsedData
HidP_GetUsages
HidP_GetSpecificButtonCaps

kernel32

MapViewOfFile
GetProcAddress
DuplicateHandle
CloseHandle
CreateEventW
VirtualAlloc
GlobalDeleteAtom
CompareStringW
CreateFileMappingW
SetThreadPriority
InterlockedIncrement
DeleteCriticalSection
GetCommandLineW
HeapAlloc
OpenEventW
GetOverlappedResult
SetPriorityClass
QueryPerformanceFrequency
WaitForMultipleObjects
WaitForSingleObject
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
ReleaseMutex
CancelWaitableTimer
lstrcpyW
VerifyVersionInfoW
GetCurrentThread
SetWaitableTimer
GetProcessHeap
CancelIo
GetModuleHandleA
OpenProcess
UnmapViewOfFile
SetPriorityClass
GlobalAddAtomW
VirtualFree
FlushInstructionCache
CreateWaitableTimerW
GetProcessWorkingSetSize
WaitForMultipleObjectsEx

ole32

CoCreateInstance
CoTaskMemAlloc
CoUninitialize

msvcrt

fputws
__CxxFrameHandler
__p__fmode
?terminate@@YAXXZ
__dllonexit
_initterm
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_vsnwprintf
_CxxThrowException
swscanf
_onexit
__wgetmainargs
__set_app_type
free
_cexit
wcslen

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

547951e6f08a68e171cb3aed57b23a10

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

setupapi

atl

gdi32

user32

hid

kernel32

ole32

msvcrt

Sections

.text Size: 167KB - Virtual size: 167KB

.data Size: 74KB - Virtual size: 74KB

.rsrc Size: 33KB - Virtual size: 552KB

.text
Size: 167KB - Virtual size: 167KB

.data
Size: 74KB - Virtual size: 74KB

.rsrc
Size: 33KB - Virtual size: 552KB