25dc245fe2a71bdec57e1c9e4891538d_JaffaCakes118

General

Target

25dc245fe2a71bdec57e1c9e4891538d_JaffaCakes118
Size

162KB
MD5

25dc245fe2a71bdec57e1c9e4891538d
SHA1

938b0797e7a9f0d7e04188f5d0473aa54d53e764
SHA256

96ef76d5909efccd727f95ac004eb8bf1995ad1117135366ea29b456ecbaea25
SHA512

4081e04156e6d509cf597df931c4a7497e7dc44886df989ac7d830cb48e28cf0b79863e6bf5bbcf597c3bc4e2d83977bc02d2812843ff9f414c8ac020728e5f4
SSDEEP

3072:Dwt/pRafzbNhE4x4G/Z+96KGaIOovArjpEoYqfs3kefYgstt19MW:IB0089Z++bOpEotfs0ZZr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25dc245fe2a71bdec57e1c9e4891538d_JaffaCakes118

Files

25dc245fe2a71bdec57e1c9e4891538d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6658cba238497388d75d2da663605f96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIpAddrTable

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

InterlockedExchange
GetStdHandle
TerminateProcess
GetVersionExA
GetCurrentProcessId
SetLastError
AddAtomA
FreeEnvironmentStringsW
GetACP
HeapSize
TlsFree
WriteFile
GetCurrentProcess
GetOEMCP
GetLocaleInfoA
GetEnvironmentStringsW
IsBadWritePtr
EnumResourceNamesW
VirtualQuery
TlsAlloc
QueryPerformanceCounter
UnhandledExceptionFilter
TlsSetValue
GetStartupInfoA
GetEnvironmentStrings
VirtualAlloc
GetFileType
lstrcatW
FreeEnvironmentStringsA
SetHandleCount
TlsGetValue
GetSystemInfo
HeapCreate
GetSystemTimeAsFileTime
VirtualFree
GetCPInfo
GetModuleFileNameA
SetEndOfFile
HeapDestroy
SetUnhandledExceptionFilter

user32

GetDlgItem
DestroyWindow
SendMessageA
EnumChildWindows
CreateWindowExW
IsWindow
GetWindowThreadProcessId

shell32

SHGetFolderPathW

setupapi

CM_Get_Global_State
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

Sections

.text
Size: 80KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6658cba238497388d75d2da663605f96

Headers

File Characteristics

Imports

iphlpapi

newdev

kernel32

user32

shell32

setupapi

mprapi

Sections

.text Size: 80KB - Virtual size: 487KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 78KB - Virtual size: 78KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 487KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 512B - Virtual size: 4KB