85b1a6660a654ae5b01dba04fb0ee3b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

85b1a6660a654ae5b01dba04fb0ee3b7_JaffaCakes118
Size

1.4MB
MD5

85b1a6660a654ae5b01dba04fb0ee3b7
SHA1

84740fb600e49c8690e0d33c54bb6db18aba0dce
SHA256

fdc115583c19e307be79eb891c7aac609617a945d5599f3bb7eff2a7a5faff12
SHA512

3dca414bc3d3ea5418657d3ebbe3f8b87cdca0a10a70b2bdadaf010c372c881a3f5212140fe55d1e992f7e24aa0ca4daba256823c1110845d899a258493e716c
SSDEEP

24576:yDCtsu8Ly+r8tJRDW6ngD0WKOAcHEs4ElDQ:yDCv8LWR+0WKOAcHDDQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85b1a6660a654ae5b01dba04fb0ee3b7_JaffaCakes118

Files

85b1a6660a654ae5b01dba04fb0ee3b7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7eeb7df285e9d10549f03fe3f0807554

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\sub631Base\source\bin\release\IPoint.pdb

Imports

kernel32

GetModuleHandleW
CreateFileW
GetProcAddress
WaitForMultipleObjects
CreateEventW
DeviceIoControl
GetLastError
SetEvent
MultiByteToWideChar
WaitForSingleObject
GetVersionExW
GetWindowsDirectoryW
QueryDosDeviceW
OpenProcess
lstrcpynW
lstrcmpiW
Sleep
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryW
HeapFree
HeapAlloc
GetProcessHeap
UnmapViewOfFile
ReleaseMutex
CreateProcessW
GetModuleFileNameW
DuplicateHandle
CreateMutexW
MapViewOfFile
CreateFileMappingW
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
CreateThread
CompareStringW
ExpandEnvironmentStringsW
WideCharToMultiByte
GetACP
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
FormatMessageW
ReadFile
WriteFile
FindClose
FindFirstFileW
GetLocaleInfoW
GetUserDefaultLCID
GetFullPathNameW
FreeLibrary
SystemTimeToFileTime
GetSystemTime
DeleteFileW
FindNextFileW
GetSystemDefaultLangID
GetProcessHeaps
GetDriveTypeW
GetLongPathNameW
GetTempPathW
SetProcessWorkingSetSize
GetTickCount
ProcessIdToSessionId
ReadFileEx
SleepEx
InitializeCriticalSection
GetCommandLineW
lstrlenA
SizeofResource
LockResource
LoadResource
FindResourceW
ResetEvent
GetSystemDirectoryW
LocalFree
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
HeapDestroy
HeapReAlloc
HeapSize
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
ExitThread
GetStartupInfoW
GetModuleHandleA
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetOEMCP
IsValidCodePage
LoadLibraryA
VirtualAlloc
EnumSystemLocalesA
IsValidLocale
CloseHandle

user32

EnumWindows
SystemParametersInfoW
RemovePropW
RegisterClassW
PostThreadMessageW
GetForegroundWindow
CloseDesktop
OpenInputDesktop
DeregisterShellHookWindow
FindWindowExW
RegisterWindowMessageW
LoadStringW
GetWindowThreadProcessId
IsWindow
GetClassNameW
GetWindowTextW
FindWindowW
PostMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
KillTimer
SetTimer
PostQuitMessage
SendMessageW
LoadCursorW
RegisterShellHookWindow
MessageBoxW
DefWindowProcW
SetPropW
GetClassInfoExW
GetPropW
DestroyWindow
UnregisterClassW
RegisterClassExW
CreateWindowExW

advapi32

CopySid
GetLengthSid
IsValidSid
CheckTokenMembership
GetSidSubAuthority
InitializeSid
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetSidLengthRequired
RegEnumKeyExW
FreeSid
SetSecurityInfo
SetEntriesInAclW
AllocateAndInitializeSid
GetSecurityInfo
CryptReleaseContext
CryptAcquireContextW
CryptGenRandom

shell32

SHGetFolderPathW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW

oleaut32

VariantClear
SysFreeString
VariantChangeType
SysAllocString

dpgmkb

?ShowMKBWizard@DPG@@YAHW4DeviceType@1@GW4eModel@1@IPAUHWND__@@PB_WH@Z

shlwapi

PathFindFileNameW
PathFileExistsW
PathRemoveBackslashW
SHDeleteKeyW
PathRemoveExtensionW
PathIsFileSpecW
PathStripPathW
PathMatchSpecW
PathRemoveFileSpecW
PathAddBackslashW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

hid

HidP_UnsetUsages
HidP_GetSpecificButtonCaps
HidP_SetUsages
HidP_GetSpecificValueCaps
HidP_SetUsageValue
HidD_GetFeature
HidD_SetFeature
HidP_GetUsageValue
HidP_GetUsages
HidP_MaxUsageListLength
HidP_UsageListDifference
HidP_GetLinkCollectionNodes
HidD_GetHidGuid
HidD_FreePreparsedData
HidP_GetCaps
HidD_GetPreparsedData
HidD_GetAttributes

sqmapi

SqmStartUpload
SqmEndSession
SqmStartSession
SqmAddToStreamDWord
SqmSetUserId
SqmSet
SqmWriteSharedUserId
SqmReadSharedUserId
SqmSetMachineId
SqmWriteSharedMachineId
SqmCreateNewId
SqmReadSharedMachineId
SqmSetAppVersion
SqmSetAppId
SqmGetSession
SqmWaitForUploadComplete

userenv

UnloadUserProfile

ole32

CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoCreateInstance

cfgmgr32

CM_Get_Parent
CM_Get_Device_IDW

setupapi

SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW

ws2_32

WSALookupServiceBeginW
WSALookupServiceNextW
WSAGetLastError
WSACleanup
WSALookupServiceEnd
WSAStartup

psapi

EnumProcessModules
GetModuleFileNameExW

Sections

.text
Size: 824KB - Virtual size: 820KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7eeb7df285e9d10549f03fe3f0807554

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

oleaut32

dpgmkb

shlwapi

version

hid

sqmapi

userenv

ole32

cfgmgr32

setupapi

ws2_32

psapi

Sections

.text Size: 824KB - Virtual size: 820KB

.rdata Size: 456KB - Virtual size: 452KB

.data Size: 36KB - Virtual size: 74KB

.rsrc Size: 28KB - Virtual size: 26KB

.reloc Size: 84KB - Virtual size: 82KB

.text
Size: 824KB - Virtual size: 820KB

.rdata
Size: 456KB - Virtual size: 452KB

.data
Size: 36KB - Virtual size: 74KB

.rsrc
Size: 28KB - Virtual size: 26KB

.reloc
Size: 84KB - Virtual size: 82KB