2a6c881adcd3c77a327a428576bfd94e_JaffaCakes118

General

Target

2a6c881adcd3c77a327a428576bfd94e_JaffaCakes118
Size

286KB
MD5

2a6c881adcd3c77a327a428576bfd94e
SHA1

2c1decf8a52b6e610a5024406399b696a05be1be
SHA256

bf0c3885d935d61b9ade6f2eaa3bfff53a4c137371486ff7614e4c766b5bd88c
SHA512

919e79b3b0d6e472cef685613851a453f33e5cce714b35cbe064abfc383f1eff5a42e4b69b0fdc3fb9901780236c8f97cc7e5be402f760687a325758780a381e
SSDEEP

6144:dFb/ospsxBDcknkz9iHvmXV7JUdx10X+CNlx:dVA0sxBDdn+UHvs/UdSR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a6c881adcd3c77a327a428576bfd94e_JaffaCakes118

Files

2a6c881adcd3c77a327a428576bfd94e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b87fa6140839fe0aacd2fa39087d7991

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

setupapi

CM_Get_Parent
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

iphlpapi

GetIpAddrTable

kernel32

AddAtomA
GetStartupInfoA
GetCurrentProcess
VirtualFree
GetModuleFileNameA
IsBadWritePtr
InterlockedExchange
VirtualQuery
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetFileType
HeapDestroy
SetEndOfFile
TerminateProcess
VirtualAlloc
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetOEMCP
TlsFree
EnumResourceLanguagesA
GetACP
GetSystemInfo
GetCurrentProcessId
TlsAlloc
TlsGetValue
lstrcpyW
GetCPInfo
SetLastError
QueryPerformanceCounter
GetVersionExA
HeapCreate
HeapSize
GetStdHandle
FreeEnvironmentStringsW
GetLocaleInfoA
TlsSetValue
FreeEnvironmentStringsA
SetHandleCount
SetUnhandledExceptionFilter

user32

SendMessageA
DestroyWindow
CreateWindowExW
IsWindow
EnumChildWindows
GetDlgItem
GetWindowThreadProcessId

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

Sections

.text
Size: 151KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b87fa6140839fe0aacd2fa39087d7991

Headers

File Characteristics

Imports

newdev

shell32

setupapi

iphlpapi

kernel32

user32

mprapi

Sections

.text Size: 151KB - Virtual size: 283KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 131KB - Virtual size: 131KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 151KB - Virtual size: 283KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 131KB - Virtual size: 131KB

.rsrc
Size: 512B - Virtual size: 4KB