1491d7d37ad04388fe767cc45eb642f6_JaffaCakes118

General

Target

1491d7d37ad04388fe767cc45eb642f6_JaffaCakes118
Size

168KB
MD5

1491d7d37ad04388fe767cc45eb642f6
SHA1

c8f67eed4d25c0dac063e435497ed56225fdea5a
SHA256

1d039c5245497389f15980b6a0263ed13b93bcd1768e66c82f65d4eeab1b6bc7
SHA512

10bb448390494aec89a395e6282c406849fb3b4a17545192ce25a4b89d8957bf0ea33b48d3e34b2249cb65c837df690e6dfcce886d20fcd83b3a5580867539df
SSDEEP

3072:d0zcagRK0wD6VznOFuhaXZR4bv24k2OqM2GFslxT59i0vw8/sRC:JagRK0wuV70UIybeJ2DMf2lxb7n/sRC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1491d7d37ad04388fe767cc45eb642f6_JaffaCakes118

Files

1491d7d37ad04388fe767cc45eb642f6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ce2f795bdd609dd5f57fd21f087b4b94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIpAddrTable

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

user32

GetDlgItem
EnumChildWindows
IsWindow
CreateWindowExW
SendMessageA
DestroyWindow
GetWindowThreadProcessId

kernel32

AddAtomA
SetEndOfFile
UnhandledExceptionFilter
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetOEMCP
GetCurrentProcess
SetHandleCount
VirtualFree
TlsSetValue
TerminateProcess
HeapSize
GetStartupInfoA
TlsFree
FreeEnvironmentStringsA
IsBadWritePtr
GetCPInfo
GetFileType
VirtualQuery
GetSystemInfo
GetCurrentProcessId
EnumResourceNamesA
lstrcatA
SetLastError
GetSystemTimeAsFileTime
GetLocaleInfoA
InterlockedExchange
QueryPerformanceCounter
GetModuleFileNameA
GetACP
TlsAlloc
GetStdHandle
GetVersionExA
TlsGetValue
FreeEnvironmentStringsW
VirtualAlloc
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

setupapi

CM_Get_Global_State
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 86KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce2f795bdd609dd5f57fd21f087b4b94

Headers

File Characteristics

Imports

iphlpapi

mprapi

user32

kernel32

newdev

shell32

setupapi

Sections

.text Size: 86KB - Virtual size: 486KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 78KB - Virtual size: 78KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 86KB - Virtual size: 486KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 512B - Virtual size: 4KB