b76928353504dd158d0275b0f50bdbd2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b76928353504dd158d0275b0f50bdbd2_JaffaCakes118
Size

265KB
MD5

b76928353504dd158d0275b0f50bdbd2
SHA1

d6c56e7703626d1874d4aa45b8fc0f118836a82c
SHA256

2ca59fb35f33a5e512ff286aba5062d03479fe7724bf2a45d8d890001a912095
SHA512

c22eabd5c14e6bd0506bab7389144094e96e5098ab8eda411a93216a8950bd01aa77111a999833a507912f419518746ace4c2045947cfa77514d8a7d4406e753
SSDEEP

6144:ZSfHsu6O+MjabMLbzeAIorOvxhYBRO63LcJCT/FL:Z4Hsu6O+MBLeloWhqON

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b76928353504dd158d0275b0f50bdbd2_JaffaCakes118

Files

b76928353504dd158d0275b0f50bdbd2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c7fc0ef4ae4e3fd75645c733eb56162b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

InitializeSecurityDescriptor
RegQueryValueExW
RegSetValueExW
CopySid
RegCreateKeyW
RegQueryValueExA
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExA
SetSecurityDescriptorDacl
OpenProcessToken
SetSecurityDescriptorOwner

ole32

CoCreateInstance
CoInitializeSecurity
CoInitializeEx

msvcrt

_CxxThrowException
_controlfp
_XcptFilter
free
__set_app_type
_wfopen
fclose
swscanf
_beginthreadex
??3@YAXPAX@Z
__p__commode
_onexit
__dllonexit
_wcsicmp
wcslen
exit
fputws
_vsnwprintf
malloc
_adjust_fdiv
__wgetmainargs
wcscpy
??2@YAPAXI@Z

gdi32

DeleteObject
GetDeviceCaps
CreateSolidBrush
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

hid

HidP_GetSpecificValueCaps
HidD_GetPreparsedData
HidD_GetAttributes
HidP_GetCaps
HidP_MaxUsageListLength

atl

ord18
ord17
ord23
ord30
ord58
ord20
ord43
ord16

setupapi

SetupDiEnumDeviceInterfaces
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsExW

user32

DefWindowProcW
UnhookWindowsHookEx
GetWindowLongW
SetWindowsHookExW
CallWindowProcW
GetSysColorBrush
LoadImageW
MonitorFromWindow
SendInput
ReleaseDC
EnumDisplaySettingsW
PtInRect
IsWindow
RegisterDeviceNotificationW
SetWindowLongW
RegisterWindowMessageW
PostMessageW
SystemParametersInfoW
InflateRect
GetThreadDesktop
ShowWindow
GetDesktopWindow
DispatchMessageW
EqualRect
PostThreadMessageW
GetPropW
DrawIconEx
GetDC
UpdateLayeredWindow
SetCursorPos
MonitorFromPoint

kernel32

lstrlenW
ReadFile
GetTickCount
GetModuleHandleA
QueryPerformanceFrequency
ReleaseMutex
CloseHandle
GlobalDeleteAtom
GetSystemDirectoryW
GetOverlappedResult
GetPriorityClass
GetCommandLineW
MapViewOfFile
VirtualAlloc
CompareStringW
GetTickCount
GetCurrentThread
FlushInstructionCache
LoadLibraryW
GlobalAddAtomW
InterlockedDecrement
GetStartupInfoW
QueryPerformanceCounter
CreateFileMappingW
OpenProcess
GetProcAddress
GetProcessWorkingSetSize
CancelIo
SetThreadPriority
VerifyVersionInfoW
CreateFileW
LeaveCriticalSection
HeapFree
SetThreadExecutionState
CancelWaitableTimer
VirtualFree
GetCurrentProcess
WaitForSingleObject

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7fc0ef4ae4e3fd75645c733eb56162b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

msvcrt

gdi32

hid

atl

setupapi

user32

kernel32

Sections

.text Size: 180KB - Virtual size: 180KB

.data Size: 66KB - Virtual size: 66KB

.rsrc Size: 17KB - Virtual size: 532KB

.text
Size: 180KB - Virtual size: 180KB

.data
Size: 66KB - Virtual size: 66KB

.rsrc
Size: 17KB - Virtual size: 532KB