3d403e945c2ff35cb8ba53b254068c12_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d403e945c2ff35cb8ba53b254068c12_JaffaCakes118
Size

261KB
MD5

3d403e945c2ff35cb8ba53b254068c12
SHA1

29bcf1272de5a3c4739d784cfc07451fc21934d4
SHA256

f12cfff38e5d81714b1171baee97b52877485238340d9132035784267063eb22
SHA512

05fe3217d22c25e0b99bbe3cf0be14b836e1155e0bcf84cd78168aedf7c5dca8c92e5970ffce694cac220af585d79dd9a97216efa2e40cf64e532acf56e408ae
SSDEEP

6144:E5CFaA8i6aES7nP+U6BaFdVneBDL39LeErkPjwyDx2j:0C36b8rwO2j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d403e945c2ff35cb8ba53b254068c12_JaffaCakes118

Files

3d403e945c2ff35cb8ba53b254068c12_JaffaCakes118
.exe windows:1 windows x86 arch:x86

c4ba0273ca0abd651c515002a0268279

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

fclose
__set_app_type
??3@YAXPAX@Z
__dllonexit
_itow
wcsstr
_onexit
free
_wcmdln
_initterm
_XcptFilter
_purecall
_ftol
_adjust_fdiv
wcslen
_beginthreadex
wcscpy

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

user32

GetWindowLongW
UpdateLayeredWindow
RegisterDeviceNotificationW
CharNextW
MoveWindow
SystemParametersInfoW
LoadStringW
GetClientRect
EnumDisplaySettingsW
GetMessageW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
UnregisterDeviceNotification
SetCursorPos
OpenInputDesktop
RegisterWindowMessageW
EqualRect
GetPropW
DestroyWindow
OpenDesktopW
SendInput
MonitorFromWindow
IsWindow
GetDC
GetThreadDesktop
FillRect
PostMessageW
MonitorFromPoint
SetWindowLongW
GetMonitorInfoW
CreateWindowExW

advapi32

RegOpenKeyExA
GetLengthSid
RegCreateKeyW
RegDeleteKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExW
RegSetValueW
RegSetValueExW
GetTokenInformation
RegOpenKeyExW
RegEnumKeyW

kernel32

GetCurrentThreadId
SetWaitableTimer
SetThreadExecutionState
ReadFile
CancelIo
GetProcessShutdownParameters
InterlockedIncrement
SetThreadPriority
LoadLibraryW
CreateMutexW
MapViewOfFile
OpenProcess
VirtualFree
LeaveCriticalSection
GetTickCount
GetTickCount
lstrlenW
WaitForMultipleObjects
GetCurrentThread
GetSystemDirectoryW
VirtualAlloc
GetModuleHandleA
SetPriorityClass
CloseHandle
WaitForMultipleObjectsEx
CompareStringW
CloseHandle
DuplicateHandle
GetProcessHeap
ReleaseMutex
SetStdHandle
GetProcAddress
HeapAlloc
QueueUserAPC
SetEvent
GetLastError
lstrcpyW
MulDiv
CancelWaitableTimer
CreateFileW
GlobalDeleteAtom
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
FlushInstructionCache

atl

ord32
ord23
ord20
ord44
ord45

hid

HidP_GetSpecificValueCaps
HidP_GetUsageValue
HidP_MaxUsageListLength
HidD_FreePreparsedData
HidD_GetAttributes
HidP_GetUsages

gdi32

CreateCompatibleDC
CreateSolidBrush
DeleteObject
DeleteDC
CreateCompatibleBitmap
GetDeviceCaps

setupapi

SetupDiEnumDeviceInterfaces
SetupDiEnumDeviceInfo

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4ba0273ca0abd651c515002a0268279

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ole32

user32

advapi32

kernel32

atl

hid

gdi32

setupapi

Sections

.text Size: 173KB - Virtual size: 173KB

.data Size: 73KB - Virtual size: 72KB

.rsrc Size: 14KB - Virtual size: 536KB

.text
Size: 173KB - Virtual size: 173KB

.data
Size: 73KB - Virtual size: 72KB

.rsrc
Size: 14KB - Virtual size: 536KB