73f23a139768f1e47602f2a0531e8bfe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

73f23a139768f1e47602f2a0531e8bfe_JaffaCakes118
Size

289KB
MD5

73f23a139768f1e47602f2a0531e8bfe
SHA1

4cbdffffb8f32b40a3f82173114b82a4cf9b98d5
SHA256

3acbb23c1c214f81e0a060b4f1163e043fd160855f2628589103b6da0e64a743
SHA512

7286bcf4eacadb11471eadd394d417cb6bbac5cfebbc3759ff2858b582828c5762013b6fc2b9d264cc14b36ba97535cd1758ef0f46f0a76c3dac5ba2335485d7
SSDEEP

6144:VsJXGcjXxgASwnG12Ihhu98T7/VjAoORCpR2Kl/jT:qJ2clHjnU2f98vtjNOsR2KZj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73f23a139768f1e47602f2a0531e8bfe_JaffaCakes118

Files

73f23a139768f1e47602f2a0531e8bfe_JaffaCakes118
.exe windows:2 windows x86 arch:x86

4d97dd7194cf85fbbadd37607709442f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

DeleteDC
CreateCompatibleBitmap

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsExW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo

hid

HidP_GetCaps
HidD_GetPreparsedData
HidD_FreePreparsedData
HidP_GetSpecificButtonCaps

atl

ord23
ord30
ord20
ord58
ord17
ord16

kernel32

EnterCriticalSection
FreeLibrary
CreateFileW
FlushInstructionCache
SetProcessShutdownParameters
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
DeleteCriticalSection
SetThreadPriority
VirtualAlloc
QueueUserAPC
CloseHandle
GetTickCount
lstrlenW
GetSystemDirectoryW
VirtualFree
GetCurrentThreadId
GetTickCount
LocalFree
WaitForMultipleObjects
GetEnvironmentVariableA
InitializeCriticalSection
CreateFileMappingW
GetStartupInfoW
LoadLibraryW
OpenEventW
GetCurrentThread
GlobalAddAtomW
SetEvent
CreateWaitableTimerW
GlobalDeleteAtom
MulDiv

user32

GetMessageW
OpenDesktopW
EnumDisplaySettingsW
RegisterDeviceNotificationW
PtInRect
UnregisterDeviceNotification
GetThreadDesktop
RegisterWindowMessageW
GetClientRect
PostThreadMessageW
InflateRect
CallWindowProcW
DefWindowProcW
GetPropW
UnhookWindowsHookEx

msvcrt

wcslen
fclose
__p__commode
_cexit
__wgetmainargs
_exit
_wcmdln
_XcptFilter
swscanf
__setusermatherr
wcsstr
__CxxFrameHandler
_wfopen
free
fputws
_ftol

ole32

CoTaskMemAlloc
CoUninitialize

advapi32

RegCloseKey
OpenThreadToken
SetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyExA
GetLengthSid
OpenProcessToken
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW

Sections

.text
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d97dd7194cf85fbbadd37607709442f

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

setupapi

hid

atl

kernel32

user32

msvcrt

ole32

advapi32

Sections

.text Size: 215KB - Virtual size: 215KB

.data Size: 40KB - Virtual size: 39KB

.rsrc Size: 33KB - Virtual size: 568KB

.text
Size: 215KB - Virtual size: 215KB

.data
Size: 40KB - Virtual size: 39KB

.rsrc
Size: 33KB - Virtual size: 568KB