317726ec02535816b783c4b36d3ba27f_JaffaCakes118

General

Target

317726ec02535816b783c4b36d3ba27f_JaffaCakes118
Size

285KB
MD5

317726ec02535816b783c4b36d3ba27f
SHA1

e8e04524ee83aa3968eda5ad026bf1eb108b6429
SHA256

c938f14304177b71cd4238f3b92d1fe926f9625acbbe968141cfe5988402eaf0
SHA512

1c527af93b70f8704e52dffb1a23ae2fb65519e22abfea4d3ce9e058fb3a5c77cd360b49f8f88de6788c3aacd52665368770d1180b0157234bd78bbfc7fb899c
SSDEEP

6144:g9mkNk092opCQ+EIagxdn5VMLIKKutPsrE8ntwJRpm1s:g9/k02SCnaedn5eIKKuoxtwpks

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
317726ec02535816b783c4b36d3ba27f_JaffaCakes118

Files

317726ec02535816b783c4b36d3ba27f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

121bd46360d11bc6e80b0fe554a420b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileType
SetEndOfFile
VirtualQuery
AddAtomA
SetLastError
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetEnvironmentStrings
GetVersionExA
VirtualFree
GetLocaleInfoA
HeapSize
GetOEMCP
QueryPerformanceCounter
SetHandleCount
InterlockedExchange
GetCurrentProcess
TlsSetValue
GetACP
HeapCreate
GetCurrentProcessId
EnumResourceLanguagesA
GetModuleFileNameA
GetCPInfo
WriteFile
GetEnvironmentStringsW
HeapDestroy
TlsAlloc
TlsGetValue
lstrcpynW
GetStdHandle
FreeEnvironmentStringsA
TerminateProcess
IsBadWritePtr
GetSystemInfo
TlsFree
VirtualAlloc
FreeEnvironmentStringsW
GetStartupInfoA
SetUnhandledExceptionFilter

iphlpapi

GetIpAddrTable

setupapi

CM_Get_Parent
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

user32

SendMessageA
IsWindow
CreateWindowExW
GetDlgItem
EnumChildWindows
DestroyWindow
GetWindowThreadProcessId

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

Sections

.text
Size: 152KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

121bd46360d11bc6e80b0fe554a420b1

Headers

File Characteristics

Imports

kernel32

iphlpapi

setupapi

mprapi

user32

newdev

shell32

Sections

.text Size: 152KB - Virtual size: 283KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 129KB - Virtual size: 129KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 152KB - Virtual size: 283KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 129KB - Virtual size: 129KB

.rsrc
Size: 512B - Virtual size: 4KB