2d5bb8373c98d8621cb5a7c67eb6c954_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d5bb8373c98d8621cb5a7c67eb6c954_JaffaCakes118
Size

950KB
MD5

2d5bb8373c98d8621cb5a7c67eb6c954
SHA1

ef5d2794a43edd8d419979fe24e33d32e05c98e0
SHA256

354772a447f317a708d4bd28bc9c1893907c78a111980e05c0c2e9000e51d628
SHA512

4274bc1f8b0b0183edcfef76bf4bbf2a8095d45d85d17b4ba637ddc30007754941ebe8e21795c3dacce49af3b083fcc91a1ae5f4d2d41fc189b6dca487f20c2a
SSDEEP

24576:kEe5DJWZ4XI903q1wZGTNWXGNb6crqjXdU0RoSZ/+:mD0+P3qOZGkobvrqjNto2/+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d5bb8373c98d8621cb5a7c67eb6c954_JaffaCakes118

Files

2d5bb8373c98d8621cb5a7c67eb6c954_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1a6fe8aa69c74123e235bf365dc926e5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_DevNode_Status
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Device_ID_ExW
CM_Get_Device_IDW
SetupDiGetActualSectionToInstallW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsExW
SetupDiGetClassDevsW
SetupDiGetSelectedDriverW
CM_Get_Parent_Ex
SetupDiBuildDriverInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInstanceIdW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoListExW
SetupDiCreateDeviceInfoList
SetupInstallFromInfSectionW
SetupCloseFileQueue
SetupGetFieldCount
SetupGetLineCountW
SetupDiEnumDriverInfoW
SetupFindFirstLineW

kernel32

TlsGetValue
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
HeapReAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
GetBinaryTypeW
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
GetLastError
FileTimeToSystemTime
TlsAlloc
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
OutputDebugStringW
DeleteFileW
FindNextFileW
BuildCommDCBW
QueryPerformanceFrequency
GetUserDefaultLCID
EnumLanguageGroupLocalesW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
SetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection

shlwapi

PathFindFileNameW
PathGetDriveNumberW
PathIsRelativeW
PathIsURLW
PathRemoveBackslashW
PathRemoveExtensionW
PathSkipRootW
PathStripToRootW
PathCreateFromUrlW
SHDeleteEmptyKeyW
SHSetValueW
PathFindExtensionW
PathAppendW
PathAddBackslashW

psapi

GetDeviceDriverBaseNameW
GetProcessImageFileNameW

user32

GetDlgCtrlID
ScrollWindow
CreateIconFromResourceEx
CopyImage
SetMessageExtraInfo

winspool.drv

GetSpoolFileHandle

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.em973
Size: 875KB - Virtual size: 875KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a6fe8aa69c74123e235bf365dc926e5

Headers

File Characteristics

Imports

setupapi

kernel32

shlwapi

psapi

user32

winspool.drv

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 6.9MB

.idata Size: 3KB - Virtual size: 3KB

.em973 Size: 875KB - Virtual size: 875KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 6.9MB

.idata
Size: 3KB - Virtual size: 3KB

.em973
Size: 875KB - Virtual size: 875KB

.rsrc
Size: 16KB - Virtual size: 16KB