2cf20e9d44253419d595cc783753adb9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2cf20e9d44253419d595cc783753adb9_JaffaCakes118
Size

284KB
MD5

2cf20e9d44253419d595cc783753adb9
SHA1

68a2dec25131627ebe79bdf96d8cf1c26ba5bcd4
SHA256

79c05871d83e28bcdb9e7d9e6378529d057b0fa8e3eca50795a9427d50a38d73
SHA512

3bf0f540f1613f5a7ca41eb463c9f177da0335de8b0d7aa6afbac3c68566db50398d9bb1dbc64b99ce7c1dedeaecba5edd80ead860041be2277e27866ad52059
SSDEEP

6144:fWVlQKeR+Sg95uvCbja68WiraV9F8SSs0hm5eD:fLTMSScqW66+8SzYueD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cf20e9d44253419d595cc783753adb9_JaffaCakes118

Files

2cf20e9d44253419d595cc783753adb9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

316a85e388ddbda8b8bb7f231cb99cb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

hid

HidP_GetCaps
HidD_GetPreparsedData
HidP_MaxUsageListLength
HidD_FreePreparsedData
HidD_GetProductString
HidP_GetUsages
HidD_GetHidGuid

kernel32

ReadFile
WaitForSingleObject
CreateEventW
CancelIo
GetCommandLineW
GetModuleHandleA
CreateMutexW
CreateWaitableTimerW
UnmapViewOfFile
InterlockedIncrement
MulDiv
FlushInstructionCache
WaitForMultipleObjectsEx
LoadLibraryW
CancelWaitableTimer
HeapFree
VirtualAlloc
QueryPerformanceCounter
GetTickCount
GetStartupInfoW
GlobalDeleteAtom
GetTickCount
lstrcpyW
ReleaseMutex
LocalFree
GetProcAddress
CreateFileW
CloseHandle
SetThreadExecutionState
CloseHandle
GetOverlappedResult
WaitForMultipleObjects
GetProcessHeap
HeapAlloc
EnterCriticalSection
GetEnvironmentStrings
VirtualFree
GetCurrentThreadId
VerSetConditionMask
DeleteCriticalSection
GlobalAddAtomW

msvcrt

_exit
_wcmdln
_XcptFilter
_adjust_fdiv
_beginthreadex
free
__setusermatherr
_vsnwprintf
??1type_info@@UAE@XZ
fputws
_purecall
__set_app_type
_wfopen
_initterm
_except_handler3
_itow
_controlfp
wcscmp
??2@YAPAXI@Z
fclose

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailW

user32

DefWindowProcW
UnhookWindowsHookEx
SendInput
MonitorFromWindow
DestroyIcon
GetAncestor
CallWindowProcW
SetThreadDesktop
DrawIconEx
RegisterDeviceNotificationW
EqualRect
GetWindowLongW
EnumDisplaySettingsW
ReleaseDC
CharNextW
GetUserObjectInformationW
PostMessageW
IntersectRect
GetMessageW
GetClientRect
FillRect
RegisterWindowMessageW
GetDesktopWindow
GetThreadDesktop
OpenInputDesktop

atl

ord45
ord44
ord57
ord17
ord32

ole32

CoTaskMemAlloc
CoInitializeEx
CoInitializeSecurity

advapi32

RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyW
RegQueryValueExW
GetLengthSid
RegSetValueW
RegSetValueExW
SetSecurityDescriptorGroup
RegCloseKey
RegQueryValueExA
RegOpenKeyW

gdi32

DeleteDC
GetDeviceCaps

Sections

.text
Size: 202KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

316a85e388ddbda8b8bb7f231cb99cb8

Headers

DLL Characteristics

File Characteristics

Imports

hid

kernel32

msvcrt

setupapi

user32

atl

ole32

advapi32

gdi32

Sections

.text Size: 202KB - Virtual size: 202KB

.data Size: 48KB - Virtual size: 47KB

.rsrc Size: 33KB - Virtual size: 568KB

.text
Size: 202KB - Virtual size: 202KB

.data
Size: 48KB - Virtual size: 47KB

.rsrc
Size: 33KB - Virtual size: 568KB