25881405eb200a3aa015c4232247e8a9_JaffaCakes118

General

Target

25881405eb200a3aa015c4232247e8a9_JaffaCakes118
Size

1.8MB
MD5

25881405eb200a3aa015c4232247e8a9
SHA1

64acdbe9d8db42682d0a1b056aa29d3ec8eb2d7e
SHA256

a4a0379131ade8c87afffc51bf39032b4fe3dbc45ec35fc8c474dc7cdaf24bd0
SHA512

a69f0500bdcc352673d839777bc7247851b1d4555fdf35a65beeec5ffe58d5fb3af3cb715cd55641cca7279afc2019e9d5abdf8ebcc36c0d768d5145837ab90a
SSDEEP

49152:BvMYin9azuwT/81Pb4zUuJTUk5rMsJSl6Lc:BvM/WI1PKPvkuc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25881405eb200a3aa015c4232247e8a9_JaffaCakes118

Files

25881405eb200a3aa015c4232247e8a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

314fcabb4772b038efd3352df8fe9f74

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIpAddrTable

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

setupapi

CM_Get_Global_State
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

user32

DestroyWindow
SendMessageA
IsWindow
GetDlgItem
EnumChildWindows
CreateWindowExW
GetWindowThreadProcessId

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

VirtualAlloc
VirtualFree
GetVersionExA
QueryPerformanceCounter
GetEnvironmentStringsW
AddAtomA
GetCurrentProcess
HeapSize
GetEnvironmentStrings
WriteFile
GetStartupInfoA
TlsSetValue
FreeEnvironmentStringsA
GetOEMCP
GetCPInfo
GetModuleFileNameA
TlsAlloc
GetSystemTimeAsFileTime
TlsGetValue
EnumResourceNamesW
HeapCreate
IsBadWritePtr
TlsFree
TerminateProcess
GetSystemInfo
UnhandledExceptionFilter
HeapDestroy
lstrcatW
GetFileType
GetACP
InterlockedExchange
FreeEnvironmentStringsW
SetHandleCount
GetCurrentProcessId
SetLastError
GetStdHandle
GetLocaleInfoA
SetEndOfFile
VirtualQuery
SetUnhandledExceptionFilter

shell32

SHGetFolderPathW

Sections

.text
Size: 805KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 993KB - Virtual size: 992KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

314fcabb4772b038efd3352df8fe9f74

Headers

File Characteristics

Imports

iphlpapi

mprapi

setupapi

user32

newdev

kernel32

shell32

Sections

.text Size: 805KB - Virtual size: 3.9MB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 993KB - Virtual size: 992KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 805KB - Virtual size: 3.9MB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 993KB - Virtual size: 992KB

.rsrc
Size: 512B - Virtual size: 4KB