32582b73d9559f7dbe2f7b0b4340bd13_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

32582b73d9559f7dbe2f7b0b4340bd13_JaffaCakes118
Size

192KB
MD5

32582b73d9559f7dbe2f7b0b4340bd13
SHA1

5a3274a7666fce169b9b600a9bb25fb1f7f75a58
SHA256

b5884c54cf2ddf83d552410b3dafeb765003410a3d3c8d91553a5e5398c48e49
SHA512

adda7e70ded03861dac5cf1eadac99e640cca695fe865678bab2fcdeac58f43520cc9ab8a20e85edb583ca202f1716d27c8a02f8a4d58c5fa003ca1355b6cbac
SSDEEP

3072:pHUbwUm4GtSTo/UZ8HqkLGB3M/U1gB0xxd+4JPdgYq8mNGtbQ44F:pUbw9mTeK8KzB3Wl0xxOYqqtbQ4w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32582b73d9559f7dbe2f7b0b4340bd13_JaffaCakes118

Files

32582b73d9559f7dbe2f7b0b4340bd13_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eec4c394348a29e79c1e1334178c3f8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\svn\EliteIV3.3\drivers\install\install\setuplh\Release\winlh86\setup.pdb

Imports

setupapi

SetupGetInfInformationW
SetupDiGetDeviceInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupQueryInfVersionInformationW

kernel32

RtlUnwind
InitializeCriticalSection
LoadLibraryA
GetStdHandle
WriteFile
CreateDirectoryW
SystemTimeToFileTime
CreateFileW
GetLastError
SetFileTime
CloseHandle
FindResourceW
HeapSize
LockResource
SizeofResource
FindFirstFileW
FindClose
DeleteFileW
GetModuleHandleW
GetProcAddress
LocalFree
LocalAlloc
lstrlenW
LoadLibraryW
FreeLibrary
FindNextFileW
GetTempPathW
CopyFileW
SetLastError
LoadResource
GetOEMCP
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
RaiseException
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
ExitProcess
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
GetLocaleInfoA

advapi32

RegCloseKey
RegEnumValueW
RegOpenKeyW
RegSetValueExW
RegQueryValueExW

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eec4c394348a29e79c1e1334178c3f8b

Headers

File Characteristics

PDB Paths

Imports

setupapi

kernel32

advapi32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 128KB - Virtual size: 128KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 128KB - Virtual size: 128KB