f67cedf985de984c166a79cbb009a498_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f67cedf985de984c166a79cbb009a498_JaffaCakes118
Size

265KB
MD5

f67cedf985de984c166a79cbb009a498
SHA1

a69917e61fc2f25fdc5716bbd27155dc6fe8b23a
SHA256

26f539ac2d481e2db027cf9c2ca4948df10ae5899a34c18cf6371ba70adfb616
SHA512

384d682d411618766f05ee027c1eff38262cf49872ea1661bc7e3e6a187036b54e56fcfed7b65db53c925d240cbee4a7080f8b1f706672a0d3dc6ae4d39fd308
SSDEEP

6144:Tp2uocHLjZDXAhb3/DHTwqhKDZSFVe8o42XCCgKrxG+:Tp2u1Hp7WvwqhKD4A42Cz4x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f67cedf985de984c166a79cbb009a498_JaffaCakes118

Files

f67cedf985de984c166a79cbb009a498_JaffaCakes118
.exe windows:6 windows x86 arch:x86

c64a3542e43fbea2ad68a056d7798a3a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wisptis.pdb

Imports

advapi32

TraceMessage
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyW
RegGetValueW
RegOpenKeyW
TraceEvent
IsWellKnownSid
GetTokenInformation
OpenProcessToken
RegDeleteKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegOpenKeyExA
ConvertSidToStringSidW
WmiDevInstToInstanceNameW
WmiQuerySingleInstanceW
WmiCloseBlock
WmiOpenBlock
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD

kernel32

GetOverlappedResult
GetCurrentThreadId
SetThreadPriority
GetCurrentThread
QueryPerformanceFrequency
CreateWaitableTimerW
GetProcAddress
OpenEventW
FlushInstructionCache
SignalObjectAndWait
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
GlobalAddAtomW
WaitForMultipleObjectsEx
SetLastError
GlobalDeleteAtom
InitializeCriticalSectionAndSpinCount
CloseHandle
GetVersionExW
VirtualProtect
VirtualAlloc
ResetEvent
VirtualQuery
MultiByteToWideChar
lstrlenW
lstrcpyW
lstrcmpiW
lstrcpynW
GetModuleFileNameW
LoadLibraryW
GetWindowsDirectoryW
lstrcatW
SetProcessShutdownParameters
SetPriorityClass
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
HeapSetInformation
SetThreadExecutionState
MulDiv
GetStartupInfoW
CompareStringW
GetCommandLineW
WerSetFlags
CancelIo
WaitForMultipleObjects
ReadFile
DeviceIoControl
CancelWaitableTimer
SetWaitableTimer
InterlockedDecrement
InterlockedIncrement
OpenProcess
GetCurrentProcess
DuplicateHandle
QueueUserAPC
CreateEventW
CreateMutexW
CreateFileMappingW
MapViewOfFile
LocalFree
QueryPerformanceCounter
SetEvent
ExpandEnvironmentStringsW
GetFileAttributesW
SetFileAttributesW
CopyFileW
CreateFileW
LocalAlloc
GetUserDefaultUILanguage
GetLocaleInfoW
OpenMutexW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetModuleHandleA
SetUnhandledExceptionFilter
Sleep
VirtualFree
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
UnmapViewOfFile
GetTickCount
ReleaseMutex
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
GetLastError
InitializeCriticalSection
GetSystemInfo

gdi32

SelectObject
CreateCompatibleDC
DeleteDC
GetDeviceCaps

user32

GetUserObjectInformationW
OpenInputDesktop
SetThreadDesktop
CharPrevW
GetMessageW
SetWinEventHook
IsChild
ChildWindowFromPointEx
ScreenToClient
WindowFromPhysicalPoint
PtInRect
InflateRect
SetRect
SetPropW
SetWindowPos
SetProcessDPIAware
DefWindowProcW
CallWindowProcW
CharLowerW
GetWindowThreadProcessId
GetClassNameW
MapWindowPoints
GetClientRect
EqualRect
GetAncestor
GetWindowLongW
IsWindow
PostMessageW
SetDoubleClickTime
GetDoubleClickTime
LogicalToPhysicalPoint
SendInput
SetPhysicalCursorPos
SetRectEmpty
GetSystemMetrics
EnumDisplaySettingsExW
SystemParametersInfoW
GetDC
GetDesktopWindow
ReleaseDC
UpdateLayeredWindow
ShowWindow
MoveWindow
CreateWindowExW
UnregisterDeviceNotification
PostThreadMessageW
RegisterDeviceNotificationW
IsWindowVisible
CloseDesktop
EnumDesktopWindows
OpenDesktopW
UnhookWindowsHookEx
DestroyWindow
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
GetPropW
SendMessageTimeoutW
SetWindowLongW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
GetMonitorInfoW
EnumDisplayDevicesW
CallNextHookEx
SetWindowsHookExW
GetCursorPos
MonitorFromWindow
CharNextW
EnumDisplayMonitors

msvcrt

memset
memmove
realloc
??2@YAPAXI@Z
__CxxFrameHandler3
_vsnwprintf
memcpy
_CxxThrowException
_controlfp
??1type_info@@UAE@XZ
_wtol
??_U@YAPAXI@Z
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_onexit
_wcsdup
??_V@YAXPAX@Z
_exit
??3@YAXPAX@Z
_lock
_wcmdln
exit
_XcptFilter
swscanf
_CIpow
wcsrchr
_cexit
__wgetmainargs
_CIatan2
_itow
_ftol2
wcsstr
_wcstoi64
wcschr
_wcsnicmp
malloc
_purecall
_wcsicmp
_CIsqrt
_ftol2_sse
_beginthreadex
_wfopen
fputws
fclose
free

ntdll

WinSqmIsOptedIn
WinSqmEventWrite
WinSqmEventEnabled
WinSqmAddToStream
NtQuerySystemInformation

ole32

CoTaskMemAlloc
CoInitializeSecurity
CoCreateInstance
CoTaskMemRealloc
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
SysStringLen

hid

HidP_GetUsageValue
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetAttributes
HidP_GetCaps
HidP_GetSpecificButtonCaps
HidP_GetSpecificValueCaps
HidP_MaxUsageListLength
HidP_GetUsages
HidD_GetHidGuid
HidD_FlushQueue
HidD_GetProductString

setupapi

SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiGetClassDevsW
SetupDiOpenDeviceInterfaceW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

wtsapi32

WTSRegisterSessionNotification

slc

SLGetWindowsInformationDWORD

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c64a3542e43fbea2ad68a056d7798a3a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

ole32

oleaut32

hid

setupapi

wtsapi32

slc

Sections

.text Size: 205KB - Virtual size: 204KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 35KB - Virtual size: 36KB

.text
Size: 205KB - Virtual size: 204KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 35KB - Virtual size: 36KB