Static task: static1
Behavioral task: behavioral1
  Sample: b99d2dc6db1d1f5256f6041381280bfb_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: b99d2dc6db1d1f5256f6041381280bfb_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
- Target: b99d2dc6db1d1f5256f6041381280bfb_JaffaCakes118
- Size: 856KB
- MD5: b99d2dc6db1d1f5256f6041381280bfb
- SHA1: 77d45d67714ec1eb56c35ea44c8d629c5322d557
- SHA256: 7910256b06ff5044f21b221ce686c2f3bd9d84903438539a17bcf08b27066fa7
- SHA512: 364dd8485f47816986540672771c62bb466905a21edd4013f9ddb6a299d3096b11ee85f1795cf1872b567ed281f4e545a0b7fac2e24e95adecf10b3ff734ef81
- SSDEEP: 24576:6xqoMjpAARCcvdUnT/f+gZ0IgqeDxckSb+05:kXMJ6nTx0cpkm+05
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource b99d2dc6db1d1f5256f6041381280bfb_JaffaCakes118
Files
- b99d2dc6db1d1f5256f6041381280bfb_JaffaCakes118.exe windows:5 windows x86 arch:x86
  2097dec67737381341fb48abc7c1d9c3
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
hid
HidD_FreePreparsedData
HidP_GetScaledUsageValue
HidD_GetHidGuid
HidD_GetConfiguration
HidD_FlushQueue
HidP_MaxUsageListLength
HidD_GetManufacturerString
HidP_MaxDataListLength
HidP_GetUsages
HidP_TranslateUsagesToI8042ScanCodes
HidD_GetProductString
HidP_GetUsageValue
HidP_GetLinkCollectionNodes
HidD_SetFeature
HidD_GetPreparsedData
HidP_SetUsageValue
HidP_SetData
HidD_GetAttributes
HidP_SetScaledUsageValue
HidP_InitializeReportForID
HidP_GetCaps
HidP_UsageListDifference
HidD_GetNumInputBuffers
HidD_Hello
HidP_GetButtonCaps
HidP_SetUsages
HidD_GetIndexedString
HidD_SetConfiguration
HidP_GetValueCaps
HidP_SetUsageValueArray
HidP_GetUsagesEx
HidD_SetOutputReport
HidD_GetInputReport
HidP_GetData
HidD_GetMsGenreDescriptor
HidP_UnsetUsages
security
InitSecurityInterfaceA
FreeContextBuffer
AddSecurityPackageA
UnsealMessage
VerifySignature
InitSecurityInterfaceW
DeleteSecurityContext
SealMessage
ImportSecurityContextA
CompleteAuthToken
DecryptMessage
QuerySecurityPackageInfoA
AddSecurityPackageW
EnumerateSecurityPackagesA
AcceptSecurityContext
InitializeSecurityContextA
ApplyControlToken
FreeCredentialsHandle
QueryCredentialsAttributesA
EncryptMessage
QuerySecurityPackageInfoW
QueryCredentialsAttributesW
ImpersonateSecurityContext
DeleteSecurityPackageW
InitializeSecurityContextW
MakeSignature
EnumerateSecurityPackagesW
kernel32
DeleteFileA
GetACP
CreateFiber
lstrcpyn
lstrcmpW
ReplaceFileW
CreateEventA
RemoveDirectoryA
EnumResourceTypesA
GetConsoleHardwareState
GetOEMCP
AddAtomW
CreateProcessInternalA
LoadLibraryA
GetCommModemStatus
SetFilePointer
GetSystemInfo
GlobalUnWire
ReadFile
MoveFileWithProgressA
TermsrvAppInstallMode
GetNativeSystemInfo
FindNextVolumeMountPointA
SetUserGeoID
GetProcessWorkingSetSize
SetComPlusPackageInstallStatus
CopyFileExA
SetVolumeMountPointW
OpenProcess
Module32FirstW
ReadConsoleOutputA
GetLocaleInfoW
CreateNamedPipeA
VirtualAlloc
GlobalAlloc
msjtes40
DllMain
DllGetClassObject
Sections
.text Size: 339KB - Virtual size: 339KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 329KB - Virtual size: 329KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 184KB - Virtual size: 1.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ