Static task
static1
Behavioral task
behavioral1
Sample
fa0174de70db10df0d1706157d8ec0b6_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fa0174de70db10df0d1706157d8ec0b6_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
fa0174de70db10df0d1706157d8ec0b6_JaffaCakes118
Size
281KB
MD5
fa0174de70db10df0d1706157d8ec0b6
SHA1
25418f0c4c44eccdd63364f02f39d079c2f2321f
SHA256
3f5f0a67d820d89379722690673db3463ec9aafabc8c9f405e22eb404bdecf19
SHA512
b2818b5ceabd03372a56a0e38682cbd7a51161e2d04311f46ba4a717f9d2adbdd7e75bfce46dc7cae153806298630c2fb32876e5f96dc92e280344da740c724c
SSDEEP
6144:JzT2P1tOhUTJhQef7KgtIgv7Xxt1g6hJr0BuUJlM33:JzT2P7OhO/Qm1247h/dhJABuKM3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fa0174de70db10df0d1706157d8ec0b6_JaffaCakes118
Files
fa0174de70db10df0d1706157d8ec0b6_JaffaCakes118.exe windows:1 windows x86 arch:x86
44ef37b48d9e3b90737a49a7bcecfd4d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetOverlappedResult
GlobalDeleteAtom
VirtualFree
ReadFile
LeaveCriticalSection
EnterCriticalSection
SetThreadExecutionState
LocalFree
GetProcAddress
CloseHandle
lstrcpyW
GetStartupInfoW
CreateMutexW
DeleteCriticalSection
HeapFree
CreateWaitableTimerW
GetCommandLineW
GetModuleHandleA
WaitForSingleObject
QueryPerformanceCounter
SetWaitableTimer
HeapAlloc
GetEnvironmentStrings
SetPriorityClass
VerifyVersionInfoW
QueueUserAPC
DuplicateHandle
GlobalAddAtomW
WaitForMultipleObjectsEx
InterlockedIncrement
SetEvent
FlushInstructionCache
GetProcessHeap
InterlockedDecrement
CreateFileMappingW
VirtualAlloc
MulDiv
GetTickCount
gdi32
DeleteDC
DeleteObject
hid
HidP_GetSpecificValueCaps
HidD_GetPreparsedData
HidD_GetHidGuid
HidD_GetProductString
HidP_MaxUsageListLength
HidP_GetUsageValue
msvcrt
wcscmp
wcscpy
wcslen
fputws
wcstol
?terminate@@YAXXZ
_c_exit
__dllonexit
??2@YAPAXI@Z
__wgetmainargs
_wcsicmp
_wcmdln
free
_CIpow
swscanf
__p__fmode
_itow
_onexit
_controlfp
_vsnwprintf
advapi32
RegOpenKeyExA
RegCreateKeyExW
RegOpenKeyW
RegDeleteKeyW
GetTokenInformation
RegSetValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
SetSecurityDescriptorOwner
CopySid
ole32
CoInitializeEx
CoUninitialize
CoInitializeSecurity
setupapi
SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
user32
SetWindowsHookExW
SendInput
UpdateLayeredWindow
DrawIconEx
GetSysColor
GetMessageW
SetThreadDesktop
GetAncestor
UnregisterDeviceNotification
FillRect
DefWindowProcW
GetClientRect
LoadStringW
OpenDesktopW
CreateWindowExW
PtInRect
EqualRect
DestroyIcon
DispatchMessageW
GetPropW
CharNextW
GetThreadDesktop
WindowFromPoint
GetMonitorInfoW
MonitorFromPoint
IntersectRect
CloseDesktop
DestroyWindow
ClientToScreen
atl
ord17
ord20
ord57
ord30
ord32
ord16
ord23
ord18
ord43
Sections
.text Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 33KB - Virtual size: 568KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ