f612a17c56c686fd03dfafbdd098215c_JaffaCakes118

General

Target

f612a17c56c686fd03dfafbdd098215c_JaffaCakes118
Size

169KB
MD5

f612a17c56c686fd03dfafbdd098215c
SHA1

5513efc582cb6c96938c0f5554d9f30e0697a6de
SHA256

85427f975d4b7367f45d7c61baf3998c5f8afe642267695fda45968595c65cdc
SHA512

fb41afd430e065a606dbedd23aa45dadfb5c0a8cb052e84b954ae939d350f581014025504725e33a0a336b10a5d8470ccef1646dfb62436b930cc00bf5385154
SSDEEP

3072:81cmV6yQ3xM2tmAxhuzfNcXF8Cse0gUZ21gar+7XW73kJwcfsjDsyOdBG5xrX8YZ:IvQUVzfkJse0gUZ21zcW739cUjDsBO5P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f612a17c56c686fd03dfafbdd098215c_JaffaCakes118

Files

f612a17c56c686fd03dfafbdd098215c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

875cdd7196c50c1cdc3c4ed95d936977

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
IsBadWritePtr
LoadResource
GetThreadPriority
GetSystemTime
CreateSemaphoreA
QueryPerformanceCounter
Sleep
EnterCriticalSection
FindResourceA
GlobalAlloc
GetSystemInfo
GetCurrentThread
ReleaseMutex
LoadLibraryA
TerminateThread
LoadLibraryW
GetCurrentThreadId
GetModuleFileNameA
SetThreadPriority
EnumResourceTypesA
InterlockedDecrement
GetCurrentProcessId
GetProcessHeap
GetTickCount
VirtualAlloc
LeaveCriticalSection
GetModuleFileNameW
FreeLibrary
WaitForMultipleObjects
ResetEvent
MultiByteToWideChar
HeapFree
IsBadReadPtr
WideCharToMultiByte
GetPrivateProfileStructA
LockResource
GetExitCodeThread
CreateFileW
lstrlenA
VirtualFree
ReleaseSemaphore
InterlockedIncrement
DisableThreadLibraryCalls
GetLastError
CreateMutexA
GetProcAddress
ExitProcess

shell32

SHGetFolderPathW

shlwapi

StrCmpNIA
StrStrA

iphlpapi

GetIpAddrTable

newdev

UpdateDriverForPlugAndPlayDevicesW

setupapi

CM_Get_Sibling
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

Sections

.text
Size: 85KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

875cdd7196c50c1cdc3c4ed95d936977

Headers

File Characteristics

Imports

kernel32

shell32

shlwapi

iphlpapi

newdev

setupapi

Sections

.text Size: 85KB - Virtual size: 485KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 80KB - Virtual size: 79KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 85KB - Virtual size: 485KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 80KB - Virtual size: 79KB

.rsrc
Size: 512B - Virtual size: 4KB