Static task
- static1
Behavioral task
- behavioral1: Sample bd959b8b83d9f96b56b80eed118f3771_JaffaCakes118.exe, Resource win7-20240729-en
- behavioral2: Sample bd959b8b83d9f96b56b80eed118f3771_JaffaCakes118.exe, Resource win10v2004-20240802-en
General
- Target: bd959b8b83d9f96b56b80eed118f3771_JaffaCakes118
- Size: 150KB
- MD5: bd959b8b83d9f96b56b80eed118f3771
- SHA1: f1ef478eaf263ca22c2534d85e82158b3018405d
- SHA256: ab265d7f65e2b78aa0636e5c63276d6311850126e6cab5d93c287f5f1d8218d2
- SHA512: 9db33b690a8340f6899f26163b9f29d08ddd00ffea58c534abcce4b0ee4822ecfcd254a14c9bcb361ada06b7dbff403b6eba4f9b80981abeda026401294470f1
- SSDEEP: 3072:uQsRXQOsNUHufdUsU6M+S92wADXXmEc0AFvv4aDzgSKkx8uS/2:uRXQOkUHOYADXhf2gSKkSu
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource bd959b8b83d9f96b56b80eed118f3771_JaffaCakes118
Files
- bd959b8b83d9f96b56b80eed118f3771_JaffaCakes118.exe windows:5 windows x86 arch:x86
  6ab0211c82969590180eec8c6d77b0a3
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
PDB Paths
- d:\bld\r195_24\drivers\ui\nvsvc\Win32\Release\bin\nvsvc32.pdb
Imports
- userenv: LoadUserProfileW, UnloadUserProfile
- powrprof: CallNtPowerInformation
- setupapi: SetupDiGetDeviceRegistryPropertyW, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiDestroyDeviceInfoList
- kernel32: DeleteCriticalSection, ResetEvent, WaitForMultipleObjects, CreateEventW, InitializeCriticalSection, InterlockedIncrement, InterlockedDecrement, TerminateThread, lstrcmpiW, PulseEvent, CreateFileW, GetVersionExA, GetModuleHandleA, LoadLibraryA, InitializeCriticalSectionAndSpinCount, GetConsoleMode, GetConsoleCP, SetFilePointer, GetLocaleInfoA, GetStringTypeA, LCMapStringA, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, GetStartupInfoA, GetFileType, GetCurrentProcess, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, RtlUnwind, GetModuleFileNameA, GetStdHandle, ExitProcess, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, LCMapStringW, GetStringTypeW, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetCommandLineA, CreateFileA, HeapAlloc, HeapFree, MultiByteToWideChar, OpenEventW, LocalAlloc, LocalFree, WideCharToMultiByte, FormatMessageW, GetSystemDirectoryW, GetCurrentThreadId, GetVersionExW, SetEvent, GetUserDefaultLangID, GetThreadLocale, GetSystemPowerStatus, lstrlenW, CreateNamedPipeW, ConnectNamedPipe, ReadFile, WriteFile, FlushFileBuffers, DisconnectNamedPipe, SetLastError, lstrcmpW, WaitForSingleObject, FreeLibrary, CreateThread, CloseHandle, EnterCriticalSection, LeaveCriticalSection, GetTickCount, lstrcatW, Sleep, GetModuleHandleW, lstrcpyW, GetLastError, LoadLibraryW, GetProcAddress, CreateProcessW, lstrcpynW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, HeapSize, SetHandleCount
- user32: PostQuitMessage, SetTimer, UnregisterDeviceNotification, RegisterDeviceNotificationW, KillTimer, PostThreadMessageW, GetWindowThreadProcessId, RegisterWindowMessageW, OpenWindowStationW, SetProcessWindowStation, BroadcastSystemMessageW, ExitWindowsEx, GetThreadDesktop, SetThreadDesktop, GetLastInputInfo, OpenInputDesktop, OpenDesktopW, GetUserObjectInformationW, CloseDesktop, EnumDisplayDevicesW, GetDesktopWindow, GetWindow, DefWindowProcW, GetClassNameW, PostMessageW, MonitorFromWindow, EqualRect, wsprintfW, ChangeDisplaySettingsExW, EnumDisplaySettingsW, IsRectEmpty, FindWindowExW, GetCursorPos, GetForegroundWindow, SetCursorPos, SendMessageW, SetWindowPos, GetDC, ReleaseDC, SubtractRect, InvalidateRect, GetSystemMetrics, IntersectRect, FindWindowW, GetWindowRect, SystemParametersInfoW, CloseWindow, DispatchMessageW, TranslateMessage, RegisterClassExW, CreateWindowExW, GetTopWindow, GetMessageW
- gdi32: CreateDCW, ExtEscape, DeleteDC, CreateDCA
- advapi32: ConvertStringSidToSidW, FreeSid, RegisterServiceCtrlHandlerW, SetServiceStatus, AllocateAndInitializeSid, SetEntriesInAclW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, IsValidSid, RegGetKeySecurity, IsValidSecurityDescriptor, GetSecurityDescriptorDacl, GetAclInformation, GetAce, GetLengthSid, InitializeAcl, AddAccessAllowedAceEx, AddAce, RegEnumValueW, RegSetKeySecurity, RegQueryInfoKeyW, RegDeleteKeyW, RegCreateKeyExW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegDeleteValueW, RegEnumKeyExW, RegSetValueExW, OpenServiceW, ControlService, QueryServiceStatus, DeleteService, OpenSCManagerW, CreateServiceW, CloseServiceHandle, RegOverridePredefKey, GetTokenInformation, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, CreateProcessAsUserW, StartServiceCtrlDispatcherW
Sections
- .text: Size 115KB, Virtual size 114KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: Size 20KB, Virtual size 19KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size 6KB, Virtual size 32KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size 4KB, Virtual size 4KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ