2879c089afbe2511f271b1888581768a_JaffaCakes118

General

Target

2879c089afbe2511f271b1888581768a_JaffaCakes118
Size

269KB
MD5

2879c089afbe2511f271b1888581768a
SHA1

fb770ffedea2cafe34c3b8607ff943645deafa48
SHA256

dc16c07ae83165a623010db91bd0f84abbd4aa71ddd3c885472680310757a3dd
SHA512

fe53a72411ad470024b138b61ecfbc7a4127a387c739fc3330263bfd6661329aa36b221facf4cf79770c353855075c1d6326ed64bff83d594c510b7e11da16fa
SSDEEP

6144:wMlQFuqDtqObd9acR91QY7EgITgYEJvPUY:B+Fuy4gdGY7EgmEJXUY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2879c089afbe2511f271b1888581768a_JaffaCakes118

Files

2879c089afbe2511f271b1888581768a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c176149d26b84460ccabdaf55e611db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DestroyWindow
EnumChildWindows
CreateWindowExW
GetDlgItem
IsWindow
SendMessageA
GetWindowThreadProcessId

iphlpapi

GetIpAddrTable

kernel32

GetCPInfo
TerminateProcess
GetOEMCP
AddAtomA
HeapCreate
TlsSetValue
GetVersionExA
QueryPerformanceCounter
VirtualQuery
VirtualAlloc
FreeEnvironmentStringsW
VirtualFree
GetEnvironmentStringsW
InterlockedExchange
GetCurrentProcessId
GetLocaleInfoA
TlsGetValue
EnumResourceNamesW
SetHandleCount
SetEndOfFile
GetStdHandle
TlsAlloc
HeapSize
GetSystemTimeAsFileTime
GetFileType
GetStartupInfoA
HeapDestroy
lstrcatW
TlsFree
SetLastError
UnhandledExceptionFilter
GetEnvironmentStrings
GetACP
GetSystemInfo
GetCurrentProcess
IsBadWritePtr
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
SetUnhandledExceptionFilter

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

setupapi

CM_Get_Global_State
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

Sections

.text
Size: 136KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c176149d26b84460ccabdaf55e611db

Headers

File Characteristics

Imports

user32

iphlpapi

kernel32

newdev

shell32

setupapi

mprapi

Sections

.text Size: 136KB - Virtual size: 283KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 129KB - Virtual size: 129KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 136KB - Virtual size: 283KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 129KB - Virtual size: 129KB

.rsrc
Size: 512B - Virtual size: 4KB