f520336aeb41e09b8c66aca4400b9915_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f520336aeb41e09b8c66aca4400b9915_JaffaCakes118
Size

57KB
MD5

f520336aeb41e09b8c66aca4400b9915
SHA1

87c1a8f02fd2527324dd4e26c6d2547d2c7d0bb0
SHA256

50214e6c1df6d88425ec4e448149b404ebbb679e5e3f356bbabb3d542db6be32
SHA512

49d16a47b44a55afe056e44891d5ae70b83f5590634689467d2fcdeb593619ccdaf25fd64abb449ea33322b8b7454c17edc772af6aba6521f9f6f242ce14d3a1
SSDEEP

1536:UqN8g4UutEFXiiwcix6Ae8UJON2E42dttDD8accD:UqN8iBiiwN6xnJON2L4hguD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f520336aeb41e09b8c66aca4400b9915_JaffaCakes118

Files

f520336aeb41e09b8c66aca4400b9915_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c3895f20c8b28bd8a4a3ac03a5d7d35f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Class_Key_NameA
SetupDiGetDeviceRegistryPropertyW
CM_Get_Class_Name_ExW
SetupGetSourceInfoA
CM_Uninstall_DevNode_Ex
CM_Get_Device_Interface_AliasW
SetupDiCancelDriverInfoSearch
pSetupStringTableSetExtraData
CM_Get_Class_Name_ExA
SetupDiBuildClassInfoListExA
SetupCopyOEMInfW
CM_Add_Range
SetupDiBuildDriverInfoList
pSetupGuidFromString
SetupGetFileCompressionInfoA
CM_Get_Resource_Conflict_Count
SetupRemoveInstallSectionFromDiskSpaceListA
CM_Enable_DevNode_Ex
SetupDiGetDeviceInfoListClass
CM_Get_First_Log_Conf
SetupDiClassNameFromGuidExW
CM_Get_Sibling_Ex
pSetupDuplicateString
SetupPromptReboot
CM_Get_Sibling
CM_Request_Device_Eject_ExW
SetupDiInstallClassExW
pSetupShouldDeviceBeExcluded
CM_Get_Res_Des_Data_Size_Ex
CM_Add_ID_ExA

kernel32

SetConsoleWindowInfo
VirtualAlloc
Toolhelp32ReadProcessMemory
Process32FirstW
CreateJobObjectW
LZCloseFile
HeapCreate
SetFileApisToOEM
GetCurrentProcessId
WaitForDebugEvent
ConsoleMenuControl
RegisterConsoleOS2
EnumCalendarInfoW
lstrcat
ReadProcessMemory
TlsGetValue
MapUserPhysicalPagesScatter
GetDateFormatA
ReadConsoleInputExA
GetDiskFreeSpaceExA
LoadLibraryA
GetNumberFormatW
CloseConsoleHandle
ReadConsoleA
GetPrivateProfileStringA
VirtualQueryEx
GetConsoleCP
GetOEMCP
SetConsoleOS2OemFormat
GetTickCount

version

VerInstallFileW
VerInstallFileA
VerLanguageNameW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerFindFileA
VerLanguageNameA
GetFileVersionInfoA
VerFindFileW
VerQueryValueW
VerQueryValueA

d3d8thk

OsThunkDdGetBltStatus
OsThunkDdUpdateOverlay
OsThunkDdCreateMoComp
OsThunkDdQueryDirectDrawObject
OsThunkDdDestroyD3DBuffer
OsThunkDdUnlockD3D
OsThunkDdSetOverlayPosition
OsThunkDdQueryMoCompStatus
OsThunkDdAttachSurface
OsThunkDdGetMoCompBuffInfo
OsThunkDdGetDC
OsThunkDdGetDriverState
OsThunkD3dContextDestroy
OsThunkD3dValidateTextureStageState
OsThunkD3dContextCreate
OsThunkDdGetInternalMoCompInfo
OsThunkDdGetDxHandle
OsThunkDdCreateSurfaceObject
OsThunkDdResetVisrgn
OsThunkDdLockD3D
OsThunkDdGetAvailDriverMemory
OsThunkD3dDrawPrimitives2
OsThunkDdGetDriverInfo
OsThunkDdGetScanLine
OsThunkDdGetMoCompGuids
OsThunkDdEndMoCompFrame
OsThunkDdAlphaBlt

oleacc

AccessibleObjectFromPoint
CreateStdAccessibleObject
CreateStdAccessibleProxyW
GetRoleTextW
AccessibleChildren
IID_IAccessibleHandler
GetOleaccVersionInfo
DllGetClassObject
DllCanUnloadNow
DllUnregisterServer
WindowFromAccessibleObject
DllRegisterServer
IID_IAccessible
GetStateTextW
GetStateTextA
GetRoleTextA
CreateStdAccessibleProxyA
ObjectFromLresult
LIBID_Accessibility
LresultFromObject
AccessibleObjectFromEvent
AccessibleObjectFromWindow

regapi

RegWdQueryW
RegSAMUserConfig
RegWinStationQueryEx
RegWinStationEnumerateW
RegOpenServerA
RegQueryOEMId
RegWinStationQueryNumValueW
RegWdCreateA
RegQueryUtilityCommandList
RegDenyTSConnectionsPolicy
RegPdQueryA
RegIsTServer
RegPdQueryW
RegCdQueryW
RegDefaultUserConfigQueryA
RegWdDeleteW
RegCdEnumerateA
RegCdDeleteW
RegFreeUtilityCommandList
RegCdQueryA
RegUserConfigRename
RegWinStationSetSecurityA
RegWinStationSetSecurityW
RegGetUserPolicy
RegWdEnumerateA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3895f20c8b28bd8a4a3ac03a5d7d35f

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

version

d3d8thk

oleacc

regapi

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 19KB - Virtual size: 52KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 204B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 19KB - Virtual size: 52KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 204B