d6d37118336217c6bc1f51a8f90af099_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6d37118336217c6bc1f51a8f90af099_JaffaCakes118
Size

279KB
MD5

d6d37118336217c6bc1f51a8f90af099
SHA1

e236573c5b99a3e1c4680a662355c799e5627f06
SHA256

c652484cacd2a1d7f4a41f2a976726957c3b53ef2a89d39cb60094c5ee73c200
SHA512

ef78f4854a8029a892bfe8c6bea2a96cb7d3115d06f301ad0bb8a01ef3e5034fa512e5e92d6c2df319cc8a5a5c06cf23e624c921f3d5b1bbd90583e94393206f
SSDEEP

6144:dMa0SqkxsPVLupTe3D62qHUPcaueisn+XGoL2+i:dMa0P68RuJeT6dHUPueisKGQ2V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6d37118336217c6bc1f51a8f90af099_JaffaCakes118

Files

d6d37118336217c6bc1f51a8f90af099_JaffaCakes118
.exe windows:9 windows x86 arch:x86

883157f1239e1b6cc6f1b2765f093d14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo

msvcrt

__set_app_type
??3@YAXPAX@Z
_beginthreadex
free
wcslen
_CIpow
_adjust_fdiv
wcsstr
fclose
__setusermatherr
_c_exit
_CxxThrowException
_onexit
_cexit
_controlfp
_wcsicmp
_purecall
wcscmp

atl

ord43
ord17
ord44
ord16
ord30
ord23
ord57

kernel32

QueryPerformanceFrequency
CloseHandle
CreateEventW
CreateWaitableTimerW
GetTickCount
InterlockedDecrement
CreateFileMappingW
VirtualFree
ReleaseMutex
GetCurrentThread
DuplicateHandle
GetProcessWorkingSetSize
SetThreadExecutionState
GetStartupInfoW
lstrlenW
ResetEvent
SetEvent
MulDiv
VirtualAlloc
UnmapViewOfFile
HeapAlloc
SetProcessShutdownParameters
LoadLibraryW
QueueUserAPC
SetThreadPriority
GetModuleHandleA
CompareStringW
MapViewOfFile
SetPriorityClass
InitializeCriticalSectionAndSpinCount
CancelWaitableTimer
WaitForSingleObject
DeleteCriticalSection
GetTickCount

ole32

CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc

user32

GetWindowLongW
InflateRect
MonitorFromPoint
PtInRect
GetPropW
CallNextHookEx
EnumDisplayMonitors
RegisterWindowMessageW
WindowFromPoint
CreateWindowExW
SystemParametersInfoW
GetDesktopWindow
ReleaseDC
EnumDisplaySettingsW
EqualRect
ShowWindow
DestroyWindow
OpenInputDesktop
GetSystemMetrics
DefWindowProcW
SetThreadDesktop
FillRect
OpenDesktopW
GetAncestor
GetDoubleClickTime
MoveWindow
DestroyIcon
MonitorFromWindow
PostMessageW
GetMonitorInfoW
GetMessageW
CallWindowProcW
GetUserObjectInformationW
LoadStringW
DrawIconEx
CloseDesktop

advapi32

RegSetValueW
RegEnumKeyW
RegOpenKeyExW
OpenThreadToken
SetSecurityDescriptorDacl
CopySid
InitializeSecurityDescriptor
GetTokenInformation
RegCreateKeyW
GetLengthSid
RegCreateKeyExW
RegOpenKeyExA
RegDeleteKeyW
SetSecurityDescriptorGroup
RegCloseKey
RegQueryValueExW
SetSecurityDescriptorOwner
OpenProcessToken

hid

HidD_GetPreparsedData
HidD_GetHidGuid
HidP_GetSpecificValueCaps
HidD_FreePreparsedData
HidP_GetCaps
HidD_GetAttributes
HidP_GetUsageValue

gdi32

CreateSolidBrush
DeleteDC
CreateCompatibleBitmap
DeleteObject
SelectObject
CreateCompatibleDC

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

883157f1239e1b6cc6f1b2765f093d14

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

msvcrt

atl

kernel32

ole32

user32

advapi32

hid

gdi32

Sections

.text Size: 176KB - Virtual size: 176KB

.data Size: 69KB - Virtual size: 68KB

.rsrc Size: 33KB - Virtual size: 580KB

.text
Size: 176KB - Virtual size: 176KB

.data
Size: 69KB - Virtual size: 68KB

.rsrc
Size: 33KB - Virtual size: 580KB