dcb148df8e67709b39f8c62fb19adf8d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dcb148df8e67709b39f8c62fb19adf8d_JaffaCakes118
Size

344KB
MD5

dcb148df8e67709b39f8c62fb19adf8d
SHA1

150a6ac57f23a4917a9b91890a0c7d5d58ac2d13
SHA256

912a419689179755384bb422519ecd95da1a5ce351365b840ae33d6c4e52a56b
SHA512

657db71705d5a503c7e71640033f92e798812f2fef9adbdda7b46110dc62606fafeb6b6622f53714b203f24f3b9c4ddcaade13ba89e3479f963421d430250dea
SSDEEP

6144:H7JsZ0SmGylYx0gf0wDMAfjZvjf0Bc+ZcGQiVA/LuO:H7SZ0SclYJLoAfjtmc+Z7Q5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcb148df8e67709b39f8c62fb19adf8d_JaffaCakes118

Files

dcb148df8e67709b39f8c62fb19adf8d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e4e1cf36b9f5f38ac4bf6b2565c7b2fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\workarea\8.632.1.2\drivers\2d\dal\eeu\build\client\w7\B_rel\atieclxx.pdb

Imports

user32

DestroyWindow
PostQuitMessage
DefWindowProcA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassA
DispatchMessageA
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetForegroundWindow
UnregisterDeviceNotification
RegisterDeviceNotificationA
PostThreadMessageA
KillTimer
SetTimer
EnumDisplaySettingsExA
EnumWindows
GetPropA
RedrawWindow
EnumDisplayDevicesA
SendInput
EnumDisplaySettingsA
ChangeDisplaySettingsExA
PostMessageA
GetMessageA

gdi32

D3DKMTCloseAdapter
D3DKMTQueryAdapterInfo
D3DKMTInvalidateActiveVidPn
D3DKMTOpenAdapterFromHdc
D3DKMTEscape
SetDeviceGammaRamp
CreateDCA
DeleteDC
D3DKMTPollDisplayChildren

advapi32

RegQueryValueExA
RegisterEventSourceA
ReportEventA
RegOpenCurrentUser
RegDeleteKeyA
RegOpenKeyExA
RegGetValueA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetCurrentHwProfileA

userenv

UnloadUserProfile
LoadUserProfileA

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSQuerySessionInformationA
WTSRegisterSessionNotification

powrprof

PowerGetActiveScheme
PowerWriteACDefaultIndex
PowerWritePossibleValue
PowerWritePossibleFriendlyName
PowerCreatePossibleSetting
PowerWriteFriendlyName
PowerCreateSetting
PowerRemovePowerSetting
PowerReadDCValueIndex
PowerReadACValueIndex
PowerSettingAccessCheck
PowerEnumerate
PowerWriteDCValueIndex
PowerWriteACValueIndex
PowerSetActiveScheme
PowerWriteDCDefaultIndex

setupapi

CM_Reenumerate_DevNode
CM_Locate_DevNodeA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
CM_Get_Device_IDA
CM_Get_Parent
CM_Get_DevNode_Status
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiOpenDeviceInfoA
SetupDiGetDeviceInstanceIdA
CM_Get_Device_ID_ExA

kernel32

VirtualProtect
IsValidLocale
SetConsoleCtrlHandler
GetLocaleInfoA
InterlockedExchange
LoadLibraryExA
InitializeCriticalSection
CreateFileA
RaiseException
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
EnumSystemLocalesA
GetSystemInfo
VirtualQuery
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
ReadFile
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsValidCodePage
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapReAlloc
VirtualAlloc
SetFilePointer
FatalAppExitA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleA
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
MapViewOfFile
OpenFileMappingA
Sleep
OutputDebugStringA
WTSGetActiveConsoleSessionId
GetProcAddress
LoadLibraryA
FreeLibrary
CreateProcessA
LocalFree
GetLocalTime
GetTickCount
CloseHandle
GetExitCodeThread
CreateEventA
OpenEventA
WaitForSingleObject
WaitForMultipleObjects
SetEvent
ResetEvent
GetLastError
GetVersionExA
GetSystemDirectoryA
CreateThread
SetThreadPriority
CreateMutexA
OpenMutexA
ReleaseMutex
GetCurrentThreadId
WideCharToMultiByte
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetModuleHandleW
TlsGetValue
TlsAlloc

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e4e1cf36b9f5f38ac4bf6b2565c7b2fc

Headers

File Characteristics

PDB Paths

Imports

user32

gdi32

advapi32

userenv

wtsapi32

powrprof

setupapi

kernel32

Sections

.text Size: 248KB - Virtual size: 244KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 5KB - Virtual size: 24KB

.text
Size: 248KB - Virtual size: 244KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 5KB - Virtual size: 24KB