b9ca8323ed819329813daefc5696b671_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b9ca8323ed819329813daefc5696b671_JaffaCakes118
Size

537KB
MD5

b9ca8323ed819329813daefc5696b671
SHA1

cd32dda967b6324616484ea1c27d0d72992a19a2
SHA256

d22cff25fea357b1360df717753f25da5898efe8e23616ccc2511f0084b48f2a
SHA512

de18a1bc9818d31ae6b347189fc89db5129160e71e883466a97c7bf3babd5b67c02b4716b131e8c1507819ac073765cd3801f369202fcafd10c68ba083dff4d5
SSDEEP

12288:yejkDjsHHUEoLmxJX0UMc8AWEolcrd+tZnXU9uhvKqFc6iT/SHJBw5XR0m/d921v:yWalcgIlY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9ca8323ed819329813daefc5696b671_JaffaCakes118

Files

b9ca8323ed819329813daefc5696b671_JaffaCakes118
.exe windows:6 windows x86 arch:x86

885aeb60c3202e4dc3fd608c710bd8d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DisplaySwitch.pdb

Imports

user32

GetForegroundWindow
SetFocus
SetCapture
SendInput
SetForegroundWindow
DefWindowProcW
EndPaint
BeginPaint
GetUpdateRect
RegisterClassW
ClientToScreen
GetWindowRect
GetDesktopWindow
GetDisplayConfigBufferSizes
QueryDisplayConfig
SetDisplayConfig
GetFocus
SetRectEmpty
GetClientRect
DrawTextExW
SetWindowLongW
SetLayeredWindowAttributes
GetDC
ReleaseDC
SetTimer
PtInRect
PostQuitMessage
NotifyWinEvent
ShowWindow
ReleaseCapture
SetWindowPos
InvalidateRect
UpdateWindow
GetCursorPos
LoadImageW
ScreenToClient
LoadCursorW
SetCursor
InflateRect
GetSysColorBrush
FillRect
GetSysColor
SetRect
SystemParametersInfoW
UnregisterDeviceNotification
KillTimer
FindWindowExW
CreateWindowExW
GetWindowLongW
LoadStringW
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowsHookExW
GetSystemMetrics
CallNextHookEx
GetAsyncKeyState
GetKeyState
PostMessageW
RegisterDeviceNotificationW
UnhookWindowsHookEx

kernel32

LoadLibraryExA
QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedCompareExchange
FreeLibrary
GetProcAddress
DelayLoadFailureHook
InterlockedDecrement
InterlockedIncrement
CreateSemaphoreW
GetLastError
WaitForSingleObject
MulDiv
ReleaseSemaphore
CloseHandle
GetModuleHandleW
LoadLibraryA
GetUserDefaultUILanguage
SizeofResource
LockResource
LoadResource
FindResourceExW
Sleep
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
InterlockedExchange
GetLocaleInfoW

comctl32

ord345
ImageList_CoCreateInstance
ord344

shlwapi

ord219
SHGetValueW

ole32

CoInitialize
CoUninitialize

imm32

ImmDisableIME

ntdll

WinSqmEndSession
WinSqmStartSession
WinSqmAddToStream

powrprof

PowerDeterminePlatformRole
GetPwrCapabilities

slc

SLGetWindowsInformationDWORD

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
EventUnregister
EventWrite
EventRegister

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
qsort
_ftol2
_CIsin
_CIcos
memset
_vsnwprintf
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
strtok
_stricmp

gdi32

SetBkColor
DeleteObject
FillRgn
CreateFontIndirectW
SetTextColor
GetDeviceCaps
FrameRgn
CreateRectRgnIndirect
SelectObject
GetTextExtentPoint32W
CreateDIBSection
CreateRoundRectRgn
GetObjectW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qjydypl
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

885aeb60c3202e4dc3fd608c710bd8d4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

shlwapi

ole32

imm32

ntdll

powrprof

slc

advapi32

msvcrt

gdi32

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 473KB - Virtual size: 472KB

.reloc Size: 30KB - Virtual size: 31KB

qjydypl Size: - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 473KB - Virtual size: 472KB

.reloc
Size: 30KB - Virtual size: 31KB

qjydypl
Size: - Virtual size: 4KB