0cd39714d1f48a7ac10692f2743add8d_JaffaCakes118

General

Target

0cd39714d1f48a7ac10692f2743add8d_JaffaCakes118
Size

162KB
MD5

0cd39714d1f48a7ac10692f2743add8d
SHA1

1b6ba74fc9429bbfeb2da80b4a8cabcd3520968c
SHA256

fb749b434b40d6f316f19881b18a0a32def1b8015dbcc072f9458d941046b787
SHA512

8514882e85f49d999242fe742d3359f061b05886a339e09e7fee0618c545be312c7b12cdda2409b7af7d979f0442df01e58772f8dbeab787215322d71be472e1
SSDEEP

3072:Dwt/pRaTzbNhE4x4G/Z+96KGaIOovArjpEoYqfs3kefYgstt19MW:IB0w89Z++bOpEotfs0ZZr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cd39714d1f48a7ac10692f2743add8d_JaffaCakes118

Files

0cd39714d1f48a7ac10692f2743add8d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6658cba238497388d75d2da663605f96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIpAddrTable

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

InterlockedExchange
GetStdHandle
TerminateProcess
GetVersionExA
GetCurrentProcessId
SetLastError
AddAtomA
FreeEnvironmentStringsW
GetACP
HeapSize
TlsFree
WriteFile
GetCurrentProcess
GetOEMCP
GetLocaleInfoA
GetEnvironmentStringsW
IsBadWritePtr
EnumResourceNamesW
VirtualQuery
TlsAlloc
QueryPerformanceCounter
UnhandledExceptionFilter
TlsSetValue
GetStartupInfoA
GetEnvironmentStrings
VirtualAlloc
GetFileType
lstrcatW
FreeEnvironmentStringsA
SetHandleCount
TlsGetValue
GetSystemInfo
HeapCreate
GetSystemTimeAsFileTime
VirtualFree
GetCPInfo
GetModuleFileNameA
SetEndOfFile
HeapDestroy
SetUnhandledExceptionFilter

user32

GetDlgItem
DestroyWindow
SendMessageA
EnumChildWindows
CreateWindowExW
IsWindow
GetWindowThreadProcessId

shell32

SHGetFolderPathW

setupapi

CM_Get_Global_State
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

Sections

.text
Size: 80KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6658cba238497388d75d2da663605f96

Headers

File Characteristics

Imports

iphlpapi

newdev

kernel32

user32

shell32

setupapi

mprapi

Sections

.text Size: 80KB - Virtual size: 487KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 78KB - Virtual size: 78KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 487KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 512B - Virtual size: 4KB