38add5129b1ca9c3831520ec1e136a7f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38add5129b1ca9c3831520ec1e136a7f_JaffaCakes118
Size

142KB
MD5

38add5129b1ca9c3831520ec1e136a7f
SHA1

0c68d8e89b31e9fc1be566c1f498624a5ead4e78
SHA256

eda35621d54bc5b54b2b7954cc421373588cf6e6ec455dc26403f4ef77c7059d
SHA512

076e2599ec9cbcce862b297bf7b7a4c157d939dc4e2c77db74c482a5d38627f9fa058a8c91bd2945766e9ed2f44b0e5a99bf650be8709edfdb2612c4c42b83b7
SSDEEP

3072:dKtGMdxg+Way+7w4Gvs2B+A8XJivygBScJn+0xc9KMUkJfxP5+:UtDTg+Wv+7wjjLSgbFxc9KIJxP5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38add5129b1ca9c3831520ec1e136a7f_JaffaCakes118

Files

38add5129b1ca9c3831520ec1e136a7f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4ecaae9cb37edf8f3bf66d372863ca21

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cfgmgr32

CM_Get_DevNode_Status_Ex
CM_First_Range
CM_Get_HW_Prof_Flags_ExA
CM_Delete_Class_Key_Ex
CM_Test_Range_Available
CM_Is_Dock_Station_Present_Ex
CM_Get_Next_Log_Conf
CM_Modify_Res_Des_Ex
CM_Set_Class_Registry_PropertyW
CM_Get_Hardware_Profile_Info_ExW
CM_Set_HW_Prof_Ex
CM_Add_IDW
CM_Query_And_Remove_SubTree_ExA
CM_Free_Res_Des_Handle
CM_Get_Class_NameW
CM_Get_Child
CM_Get_Child_Ex
CM_Get_Res_Des_Data_Size
CM_Get_Device_Interface_List_Size_ExA
CM_Get_Device_Interface_List_ExA
CM_Free_Log_Conf_Handle
CM_Get_Log_Conf_Priority_Ex
CM_Free_Res_Des
CM_Run_Detection_Ex
CM_Set_Class_Registry_PropertyA

kernel32

FreeUserPhysicalPages
BuildCommDCBW
BaseFlushAppcompatCache
GetModuleHandleA
LoadLibraryExA
DebugActiveProcess
_hread
VirtualAlloc
ExpungeConsoleCommandHistoryW
VDMConsoleOperation
GlobalMemoryStatusEx
LoadLibraryA
PeekConsoleInputA
CreateFileMappingW
GetConsoleCommandHistoryW
CreateEventA
GetBinaryType
QueryDosDeviceA
GetStartupInfoW
RegisterWaitForSingleObject
GetPrivateProfileStructW
UpdateResourceW
OutputDebugStringA
EnumLanguageGroupLocalesW
GetHandleContext
lstrcpy
LockResource
OpenWaitableTimerA
CancelWaitableTimer
ReleaseActCtx
SetThreadUILanguage
GetStdHandle

ntdll

NtSetSecurityObject
RtlNumberGenericTableElementsAvl
ZwQueryDirectoryObject
RtlQueryAtomInAtomTable
RtlSetBits
_wcsupr
LdrVerifyImageMatchesChecksum
RtlUnicodeToCustomCPN
ZwOpenSemaphore
RtlFindActivationContextSectionString
RtlGetVersion
NtFlushKey
NtNotifyChangeDirectoryFile
NtCompressKey
NtQueryPerformanceCounter
RtlTimeToElapsedTimeFields
isprint
RtlFreeThreadActivationContextStack
NtYieldExecution

winmm

mciSendStringA
mmioInstallIOProcA
mid32Message
tid32Message
mciGetDeviceIDW
mciGetDeviceIDFromElementIDW
midiInOpen
joyGetDevCapsW
joyGetNumDevs
mmioOpenA
mmioFlush
mmioRenameW
PlaySoundA
waveInGetDevCapsW
GetDriverModuleHandle
waveInGetErrorTextW
mmioDescend
midiInStart
auxGetDevCapsA
timeGetSystemTime

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xxxdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.iiidata
Size: 58KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ecaae9cb37edf8f3bf66d372863ca21

Headers

DLL Characteristics

File Characteristics

Imports

cfgmgr32

kernel32

ntdll

winmm

Sections

.text Size: 78KB - Virtual size: 77KB

.xxxdata Size: 3KB - Virtual size: 2KB

.iiidata Size: 58KB - Virtual size: 212KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 500B

.text
Size: 78KB - Virtual size: 77KB

.xxxdata
Size: 3KB - Virtual size: 2KB

.iiidata
Size: 58KB - Virtual size: 212KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 500B