dc4389744f753fd5bf2b0e0f61047129_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dc4389744f753fd5bf2b0e0f61047129_JaffaCakes118
Size

502KB
MD5

dc4389744f753fd5bf2b0e0f61047129
SHA1

74ff350a2b55457c32e5f48475a17cc81757f187
SHA256

3716ffe86a444de25dc44d6d002388fdc65a4d8bdcff5564b828f5e8517e3b32
SHA512

cc7d0fdbf8e2136f40d55afdcd793ea16fc77a24c250d29d6936005d51a3c0e202035f0d41553009f4f1713147983b7d53325ff1d5c5f1a228334ead331359bb
SSDEEP

6144:q7nCEn4KH1vZD3x7zPylsJIC12x+UwKCjIZZB03tGPW:qLCEzZDpKlsSCuDCEZBg8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc4389744f753fd5bf2b0e0f61047129_JaffaCakes118

Files

dc4389744f753fd5bf2b0e0f61047129_JaffaCakes118
.exe windows:4 windows x64 arch:x64

e19c5fee2324ad08143f93782fb76eda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

socket
setsockopt
bind
recv
closesocket
WSAStartup

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiSetDeviceRegistryPropertyA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo

msvcrt

?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_ismbblead
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
??1type_info@@UEAA@XZ
mktime
_mbsnbcpy
_mbsnbcat
_mbschr
_purecall
strrchr
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
fputc
_ftime
ctime
_strdup
atoi
_mbscmp
fflush
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
isxdigit
strstr
isdigit
toupper
strncmp
fgetc
strtoul
_stricmp
isspace
sscanf
memcmp
srand
fprintf
vsprintf
fgets
strcmp
fseek
_splitpath
fopen
fclose
rand
__CxxFrameHandler
memset
localtime
asctime
strcpy
gmtime
sprintf
strcat
strncpy
_endthread
_beginthreadex
free
malloc
_setmbcp
_strupr
strlen

mfc42

ord1265
ord1883
ord1042
ord1040
ord628
ord626
ord5934
ord1124
ord1153
ord1166
ord3840
ord2839
ord2779
ord1940
ord5738
ord5165
ord6168
ord5857
ord2046
ord4766
ord4805
ord4684
ord5264
ord5390
ord6149
ord5853
ord2008
ord1311
ord607
ord1030
ord5330
ord2178
ord478
ord4323
ord5899
ord4602
ord826
ord2103
ord6259
ord6140
ord310
ord4812
ord5589
ord5516
ord6669
ord6448
ord4375
ord1792
ord4761
ord5670
ord2413
ord5595
ord6818
ord4703
ord4027
ord5238
ord4798
ord2682
ord2074
ord6820
ord3943
ord5493
ord1749
ord5690
ord2471
ord2154
ord5706
ord3058
ord3252
ord3371
ord4824
ord3240
ord3375
ord3061
ord3175
ord3055
ord4092
ord4093
ord4087
ord3173
ord4381
ord4997
ord4779
ord3784
ord867
ord4609
ord5719
ord1469
ord1660
ord2915
ord3544
ord665
ord4486
ord851
ord2475
ord4037
ord6585
ord2788
ord1659
ord336
ord5531
ord2126
ord2762
ord2419
ord3150
ord5530
ord5534
ord4826
ord4643
ord3491
ord5429
ord1321
ord5846
ord3545
ord2929
ord2928
ord4472
ord4374
ord5666
ord2410
ord5712
ord2683
ord1687
ord5683
ord2470
ord4783
ord1787
ord6807
ord2439
ord2038
ord4755
ord3815
ord911
ord1544
ord6358
ord4619
ord4622
ord2124
ord4793
ord4633
ord6773
ord2673
ord3186
ord2858
ord5086
ord5694
ord5415
ord2529
ord6445
ord1791
ord5709
ord4780
ord3771
ord822
ord852
ord337
ord2398
ord2342
ord2343
ord4567
ord4730
ord5254
ord2463
ord6697
ord1122
ord3662
ord2530
ord372
ord622
ord1506
ord3793
ord3800
ord2441
ord4554
ord2607
ord3830
ord1663
ord2907
ord2407
ord2598
ord4750
ord3753
ord4553
ord2604
ord3930
ord1067
ord984
ord525
ord3750
ord1447
ord6134
ord1870
ord427
ord890
ord4579
ord4816
ord5452
ord4134
ord3691
ord6847
ord832
ord4434
ord2436
ord2037
ord4552
ord2601
ord4752
ord3761
ord4563
ord4729
ord5253
ord5665
ord3792
ord376
ord4608
ord6819
ord4845
ord2571
ord2527
ord6078
ord4201
ord1392
ord5624
ord2426
ord3477
ord5729
ord5731
ord4378
ord5074
ord5737
ord5718
ord6060
ord4992
ord3926
ord1063
ord659
ord6620
ord6823
ord6640
ord6518
ord2649
ord1556
ord2764
ord1595
ord620
ord3692
ord6848
ord2544
ord2425
ord1287
ord292
ord608
ord2042
ord815
ord1300
ord286
ord1585
ord880
ord3277
ord1263
ord4446
ord6057
ord6649
ord2810
ord2801
ord4056
ord374
ord1289
ord1267
ord3467
ord2912
ord2100
ord3272
ord5518
ord4712
ord4806
ord5046
ord5051
ord1871
ord4580
ord4132
ord2159
ord2420
ord5532
ord5535
ord4827
ord3490
ord1320
ord2930
ord4473
ord2411
ord5713
ord4794
ord1036
ord2641
ord613
ord428
ord3418
ord6564
ord2547
ord4716
ord4355
ord5845
ord4432
ord2418
ord1731
ord1737
ord5663
ord6812
ord5708
ord5492
ord5677
ord2469
ord3918
ord1053
ord647
ord4465
ord5861
ord6622
ord2656
ord6386
ord2147
ord4815
ord2509
ord2655
ord2150
ord5453
ord5684
ord4784
ord4373
ord4768
ord6079
ord4024
ord6465
ord4139
ord4549
ord1478
ord4468
ord4756
ord3816
ord912
ord4577
ord2185
ord4187
ord3426
ord3405
ord6402
ord2605
ord3510
ord6392
ord1922
ord5091
ord1711
ord5717
ord4796
ord2073
ord4788
ord1003
ord1369
ord559
ord560
ord4593
ord1920
ord5593
ord5594
ord5592
ord5313
ord5123
ord5391
ord5361
ord4708
ord4731
ord5255
ord5716
ord5236
ord999
ord549
ord4592
ord6425
ord1035
ord3904
ord2796
ord4531
ord1822
ord4714
ord837
ord321
ord4564
ord5941
ord3882
ord567
ord1005
ord1729
ord3183
ord5584
ord6632
ord2408
ord1064
ord2586
ord4307
ord2588
ord2752
ord1980
ord660
ord5434
ord5997
ord6137
ord3319
ord2799
ord6886
ord6551
ord4255
ord2272
ord6250
ord6230
ord1617

kernel32

SetCommState
GetStartupInfoA
GetEnvironmentVariableA
GetLocaleInfoA
MultiByteToWideChar
WideCharToMultiByte
GetExitCodeProcess
FindFirstFileA
FindClose
CreateProcessA
MulDiv
ClearCommError
ReadFile
WriteFile
GetOverlappedResult
SetupComm
GetCommState
TlsAlloc
SetCommTimeouts
SetCommMask
EscapeCommFunction
PurgeComm
DeviceIoControl
CreateFileA
GetWindowsDirectoryA
GetModuleFileNameA
CopyFileA
GetSystemDirectoryA
DeleteFileA
CreateDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
GetComputerNameA
CreateThread
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateMutexA
OpenProcess
ReleaseMutex
TerminateThread
ResetEvent
CloseHandle
DeleteCriticalSection
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
SetEvent
WaitForSingleObject
TlsSetValue
CreateEventA
Sleep
InitializeCriticalSection
GetTickCount

user32

FindWindowA
SetClipboardData
CloseClipboard
EmptyClipboard
CheckMenuItem
GetSubMenu
UpdateWindow
OpenClipboard
UnregisterDeviceNotification
RegisterDeviceNotificationA
RemoveMenu
LoadMenuA
GetMenu
SetMenu
IsZoomed
InvalidateRect
GetWindowLongA
ReleaseCapture
SetCapture
SetWindowTextA
GetSysColorBrush
SystemParametersInfoA
EndDeferWindowPos
BeginDeferWindowPos
FillRect
GetClassLongPtrA
GetKeyState
wsprintfA
IsRectEmpty
PtInRect
InflateRect
OffsetRect
ClientToScreen
GetDCEx
RegisterClipboardFormatA
CharNextA
LoadIconA
GetWindowRect
LoadBitmapA
LoadCursorA
GetParent
GetLastActivePopup
ReleaseDC
GetDC
GetClientRect
PostMessageA
AppendMenuA
CreatePopupMenu
IsMenu
GetCursorPos
GetSysColor
EnableWindow
GetWindow
RedrawWindow
SendMessageA
RegisterWindowMessageA
CopyRect

gdi32

CreateFontA
PatBlt
GetTextColor
StretchBlt
CreateCompatibleDC
GetObjectA
SelectObject
CreateFontIndirectA
GetTextMetricsA
GetDeviceCaps

comdlg32

ChooseColorA

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegCloseKey

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA

comctl32

ImageList_EndDrag
ImageList_DragMove
ImageList_SetDragCursorImage
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragLeave
ImageList_BeginDrag

ole32

CoUninitialize
CoInitializeEx

Exports

Exports

?BT2K_DetectMicrosoftStack@@YAHPEAH0@Z
?BT2K_InstallBTUSBFLT@@YAHPEBDH@Z
?BT2K_InstallServiceDriver@@YAHKPEBD00H@Z
?BT2K_UninstallBTUSBFLT@@YAHHPEAH@Z

Sections

.text
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 16.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e19c5fee2324ad08143f93782fb76eda

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

version

setupapi

msvcrt

mfc42

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

ole32

Exports

Exports

Sections

.text Size: 295KB - Virtual size: 295KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 61KB - Virtual size: 16.6MB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 61KB - Virtual size: 83KB

.text
Size: 295KB - Virtual size: 295KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 61KB - Virtual size: 16.6MB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 61KB - Virtual size: 83KB