a356418bb0c7e573374624c9edfeee18_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a356418bb0c7e573374624c9edfeee18_JaffaCakes118
Size

246KB
MD5

a356418bb0c7e573374624c9edfeee18
SHA1

102425a11fec3b7eeafe27e879a04d38a7b46cbf
SHA256

4edcc0cad860693426ca24b34d0034086d3eeff708792243723e614d796a7d11
SHA512

009f6dd9c0c2e6d64e64b9053823f83ad99e05e2b359c47def97713e029c1dfaa632327b2ad170e3468fb433846bcf462fdb47d921805e690c34d65df50871af
SSDEEP

6144:Xy+jn6jEyG+5RRAmx3Wt/gj+F4f9J0aLVXuKyoh+hczs/xAau8a8:yjENmRAmtu/qkYgaso5eXha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a356418bb0c7e573374624c9edfeee18_JaffaCakes118

Files

a356418bb0c7e573374624c9edfeee18_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9a2c898f6b2aa1e02ebaa02beb7d3538

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

QueueUserAPC
GetTickCount
VirtualAlloc
VirtualFree
VerifyVersionInfoW
LeaveCriticalSection
FreeLibrary
InterlockedDecrement
GetProcessHeap
VerSetConditionMask
CloseHandle
SetWaitableTimer
WaitForMultipleObjectsEx
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
SetProcessShutdownParameters
SetPriorityClass
CreateWaitableTimerW
GetTickCount
GetCurrentThread
QueryPerformanceCounter
lstrlenW
CreateEventW
DeleteCriticalSection
ReadFile
CancelWaitableTimer
HeapFree
CloseHandle
GetProcessWorkingSetSize
SetPriorityClass
SetEvent

atl

ord20
ord44
ord30
ord45
ord58
ord18

advapi32

SetSecurityDescriptorOwner
RegOpenKeyW
SetSecurityDescriptorDacl
RegCreateKeyExW
RegSetValueExW
CopySid
RegOpenKeyExA
RegQueryValueExW
OpenThreadToken
RegCreateKeyW
RegQueryValueExA

hid

HidP_GetUsageValue
HidD_GetAttributes
HidD_FreePreparsedData
HidP_GetUsages
HidD_GetPreparsedData
HidD_GetProductString
HidP_MaxUsageListLength

setupapi

SetupDiGetDeviceInterfaceDetailW

user32

DefWindowProcW
GetThreadDesktop
SetCursorPos
CallNextHookEx
CloseDesktop
GetUserObjectInformationW
CreateWindowExW
PostMessageW
MonitorFromPoint
SystemParametersInfoW
UpdateLayeredWindow
GetPropW
DestroyIcon
CallWindowProcW
FillRect
GetWindowLongW
PtInRect
IsWindow

msvcrt

free
_adjust_fdiv
wcscmp
wcsstr
swscanf
_initterm
_purecall
exit
wcscpy
_except_handler3
__set_app_type
??1type_info@@UAE@XZ
_wcmdln
?terminate@@YAXXZ
_exit
_vsnwprintf
__setusermatherr
_itow
__CxxFrameHandler
__p__fmode
_wfopen
fclose
_ftol

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize

gdi32

GetDeviceCaps
DeleteObject
CreateCompatibleBitmap

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a2c898f6b2aa1e02ebaa02beb7d3538

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

atl

advapi32

hid

setupapi

user32

msvcrt

ole32

gdi32

Sections

.text Size: 181KB - Virtual size: 181KB

.data Size: 58KB - Virtual size: 58KB

.rsrc Size: 5KB - Virtual size: 588KB

.text
Size: 181KB - Virtual size: 181KB

.data
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 5KB - Virtual size: 588KB