daef7618e3d8b9351d8d8c18f8374064_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

daef7618e3d8b9351d8d8c18f8374064_JaffaCakes118
Size

262KB
MD5

daef7618e3d8b9351d8d8c18f8374064
SHA1

ac5f5ea9d2fc930f4fbc27085b8f53395236d19e
SHA256

1652523dfc3fd9f46ec9e07195ad0ce68c1c6451c18a001c63ff83f8b521afd7
SHA512

36a2ea38da7113eb474044c4cfd788e20d78c205e14f9e9f71fbbf27a8710db81a0a312fc422194d516a59d539a2eaf1d2342d8cbaa92f8a568bddb96d34c670
SSDEEP

6144:fimq97AexZE9ykOyNcq80oYpAmGqlY4YSMVKK:fM7ASAykOyNFHqmGd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
daef7618e3d8b9351d8d8c18f8374064_JaffaCakes118

Files

daef7618e3d8b9351d8d8c18f8374064_JaffaCakes118
.exe windows:9 windows x86 arch:x86

e8f27935b86ec98f408e646590cfa417

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

GetDeviceCaps
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
CreateSolidBrush

advapi32

GetLengthSid
RegSetValueExW
RegQueryValueExW
CopySid
RegOpenKeyExA
RegDeleteKeyW
GetTokenInformation
RegCreateKeyExW
InitializeSecurityDescriptor
OpenThreadToken

user32

GetClientRect
EnumDisplaySettingsW
SendInput
MonitorFromPoint
SetThreadDesktop
MoveWindow
SystemParametersInfoW
MonitorFromWindow
CallNextHookEx
LoadImageW
GetMessageW
PostMessageW
EqualRect
OpenDesktopW
GetSystemMetrics
ClientToScreen
EnumDisplayMonitors
DefWindowProcW
DestroyWindow
SetWindowsHookExW
GetDesktopWindow
OpenInputDesktop
UpdateLayeredWindow
CallWindowProcW
PtInRect
RegisterWindowMessageW
DestroyIcon
GetAncestor
GetWindowLongW
GetSysColor

hid

HidD_GetAttributes
HidP_GetSpecificButtonCaps
HidP_GetUsageValue
HidD_GetPreparsedData
HidP_GetUsages
HidP_MaxUsageListLength
HidD_GetProductString

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList

atl

ord17
ord57
ord16
ord32
ord18
ord58

ole32

CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoInitializeEx

msvcrt

_vsnwprintf
wcstol
swscanf
__wgetmainargs
exit
_c_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_cexit
_controlfp
_wcmdln
free
__setusermatherr
_adjust_fdiv
wcsstr
__CxxFrameHandler
_ftol
_onexit
??2@YAPAXI@Z
wcslen
wcscpy
__set_app_type
_beginthreadex
__p__commode

kernel32

DeleteCriticalSection
GlobalAddAtomW
GetCurrentThreadId
DuplicateHandle
CancelWaitableTimer
WaitForSingleObject
OpenProcess
WaitForMultipleObjects
InterlockedIncrement
lstrlenW
SetThreadPriority
FreeLibrary
MulDiv
GetOverlappedResult
lstrcpyW
HeapAlloc
GetTickCount
SetEvent
VerSetConditionMask
GetStartupInfoW
CancelIo
VirtualFree
CreateFileMappingW
SetProcessShutdownParameters
VirtualAlloc
ResetEvent
CloseHandle
EnterCriticalSection
InterlockedDecrement
GetCommandLineW
HeapFree
GetStdHandle
GetCurrentProcess
GetProcessHeap
ReadFile
GetLastError
QueryPerformanceFrequency
LoadLibraryW
CreateWaitableTimerW
SetProcessShutdownParameters
CreateFileW
LeaveCriticalSection
CloseHandle
MapViewOfFile

Sections

.text
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 560KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8f27935b86ec98f408e646590cfa417

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

advapi32

user32

hid

setupapi

atl

ole32

msvcrt

kernel32

Sections

.text Size: 217KB - Virtual size: 217KB

.data Size: 37KB - Virtual size: 36KB

.rsrc Size: 7KB - Virtual size: 560KB

.text
Size: 217KB - Virtual size: 217KB

.data
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 7KB - Virtual size: 560KB