0d3e2774b4c09c40b25485d1f05d964e_JaffaCakes118

General

Target

0d3e2774b4c09c40b25485d1f05d964e_JaffaCakes118
Size

170KB
MD5

0d3e2774b4c09c40b25485d1f05d964e
SHA1

d80b556660cdabfbfb9a8238d279030d45c1eece
SHA256

afc14d5d9d9b102df557d5d1fed4fb6f480b1c7aae41a72fb6de48f3f230bc20
SHA512

8c1a20791edcc19285d0240a3dba7eb3ec323008cfa8b26a2a17aff11ca0e120ccddc4e3fb02a2d02bb2cdc1158c6987a7c48ab558343298da3c22fda74d4821
SSDEEP

3072:R6bWxEQv9+sVsfW4iIkmxjSso+QF8H9T2YRswMHqoQefhaCNZwJLc922b1S7:YK4csu7mx2so+bH9Tb5QrEG9zk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d3e2774b4c09c40b25485d1f05d964e_JaffaCakes118

Files

0d3e2774b4c09c40b25485d1f05d964e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

154f611ae318e11f9c923acbf6c5f92a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsSetValue
SetEndOfFile
GetStdHandle
GetFileType
SetLastError
AddAtomA
GetLocaleInfoA
GetACP
GetStartupInfoA
GetModuleFileNameA
HeapCreate
GetCPInfo
InterlockedExchange
VirtualAlloc
VirtualQuery
TlsGetValue
GetSystemInfo
GetOEMCP
QueryPerformanceCounter
EnumResourceLanguagesA
GetCurrentProcessId
HeapDestroy
GetSystemTimeAsFileTime
TerminateProcess
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadWritePtr
lstrcpyW
UnhandledExceptionFilter
GetVersionExA
TlsFree
SetHandleCount
TlsAlloc
WriteFile
VirtualFree
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapSize
GetCurrentProcess
SetUnhandledExceptionFilter

shell32

SHGetFolderPathW

setupapi

CM_Get_Parent
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

newdev

UpdateDriverForPlugAndPlayDevicesW

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

user32

CreateWindowExW
GetDlgItem
IsWindow
EnumChildWindows
SendMessageA
DestroyWindow
GetWindowThreadProcessId

iphlpapi

GetIpAddrTable

Sections

.text
Size: 91KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

154f611ae318e11f9c923acbf6c5f92a

Headers

File Characteristics

Imports

kernel32

shell32

setupapi

newdev

mprapi

user32

iphlpapi

Sections

.text Size: 91KB - Virtual size: 490KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 76KB - Virtual size: 75KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 91KB - Virtual size: 490KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 76KB - Virtual size: 75KB

.rsrc
Size: 512B - Virtual size: 4KB