82e08a26c44aea074ec423878997deb2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

82e08a26c44aea074ec423878997deb2_JaffaCakes118
Size

372KB
MD5

82e08a26c44aea074ec423878997deb2
SHA1

fa812dbdc74488e8a0aff1a7f139b9b2afbf423a
SHA256

8a246b5f12c5e6a7f9a4db443f1ee74adc792854557e8a8eda86582d6fbf2d71
SHA512

abe9a4e19caebae03385dbc1fa4f5c53b8fa36e4c670ed9fb5fb0403170c96ca131a9a6422bccd9082fa438227c871d53f717131327c1d27c62d95f1d95b4117
SSDEEP

6144:FiJ1ZEgnnLH1udcR+2fyzqMj6qTDHm5wfdk6R/LJjB:wJ1ZxnnJuKpyzqMdHHm5wlk+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82e08a26c44aea074ec423878997deb2_JaffaCakes118

Files

82e08a26c44aea074ec423878997deb2_JaffaCakes118
.exe windows:6 windows x86 arch:x86

32ae4dc2064c192671f15ef2d89bb96a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workarea\8.77.2.1\drivers\2d\dal\eeu\build\client\w7\B_rel\atieclxx.pdb

Imports

user32

DefWindowProcA
DestroyWindow
PostQuitMessage
BroadcastSystemMessageA
UpdateWindow
ShowWindow
ChangeWindowMessageFilter
RegisterWindowMessageA
SystemParametersInfoA
UnregisterDeviceNotification
RegisterDeviceNotificationA
PostThreadMessageA
KillTimer
SetTimer
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetForegroundWindow
EnumDisplaySettingsExA
EnumWindows
GetPropA
RedrawWindow
EnumDisplayDevicesA
SendInput
EnumDisplaySettingsA
ChangeDisplaySettingsExA
PostMessageA
GetMessageA
DispatchMessageA
RegisterClassA
CreateWindowExA

gdi32

D3DKMTOpenAdapterFromHdc
D3DKMTPollDisplayChildren
D3DKMTQueryAdapterInfo
D3DKMTInvalidateActiveVidPn
D3DKMTEscape
D3DKMTCloseAdapter
SetDeviceGammaRamp
CreateDCA
DeleteDC

advapi32

RegQueryValueExA
RegisterEventSourceA
ReportEventA
RegOpenCurrentUser
RegDeleteKeyA
RegOpenKeyExA
RegGetValueA
RegDeleteValueA
RegSetValueExW
RegCreateKeyExA
RegSetValueExA
RegCloseKey
ImpersonateLoggedOnUser
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetCurrentHwProfileA

userenv

UnloadUserProfile
LoadUserProfileA

wtsapi32

WTSQuerySessionInformationA
WTSQueryUserToken
WTSFreeMemory
WTSRegisterSessionNotification

powrprof

PowerSettingAccessCheck
PowerWriteACDefaultIndex
PowerWritePossibleValue
PowerWritePossibleFriendlyName
PowerCreatePossibleSetting
PowerWriteFriendlyName
PowerCreateSetting
PowerRemovePowerSetting
PowerSetActiveScheme
PowerGetActiveScheme
PowerWriteSettingAttributes
PowerReadSettingAttributes
PowerWriteDCValueIndex
PowerWriteACValueIndex
PowerEnumerate
PowerReadDCValueIndex
PowerWriteDCDefaultIndex
PowerReadACValueIndex

setupapi

CM_Reenumerate_DevNode
CM_Locate_DevNodeA
CM_Get_Device_IDA
CM_Get_Parent
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetHwProfileList
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiOpenDeviceInfoA
SetupDiGetDeviceInstanceIdA
CM_Get_Device_ID_ExA

kernel32

GetLocaleInfoA
GetConsoleOutputCP
EnumSystemLocalesA
GetTimeFormatA
GetStringTypeW
IsValidLocale
IsValidCodePage
SetConsoleCtrlHandler
InterlockedExchange
LoadLibraryExA
WriteConsoleA
InitializeCriticalSection
CreateFileA
SetStdHandle
GetDateFormatA
WriteConsoleW
RaiseException
VirtualProtect
GetSystemInfo
VirtualQuery
GetLocaleInfoW
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
ReadFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetUserDefaultLCID
GetStringTypeA
HeapReAlloc
VirtualAlloc
SetFilePointer
FatalAppExitA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
MapViewOfFile
OpenFileMappingA
Sleep
OutputDebugStringA
WTSGetActiveConsoleSessionId
LocalFree
GetSystemPowerStatus
CreateProcessA
lstrlenW
GetLastError
CloseHandle
QueryFullProcessImageNameW
OpenProcess
GetLocalTime
GetTickCount
GetExitCodeThread
CreateEventA
OpenEventA
WaitForSingleObject
WaitForMultipleObjects
SetEvent
ResetEvent
GetCurrentThreadId
GetVersionExA
GetSystemDirectoryA
CreateThread
SetThreadPriority
CreateMutexA
OpenMutexA
ReleaseMutex
GetProcAddress
LoadLibraryA
FreeLibrary
WinExec
GetCommandLineA
GetStartupInfoA
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetCPInfo

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32ae4dc2064c192671f15ef2d89bb96a

Headers

File Characteristics

PDB Paths

Imports

user32

gdi32

advapi32

userenv

wtsapi32

powrprof

setupapi

kernel32

Sections

.text Size: 268KB - Virtual size: 267KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 3KB