3de406d8575a18e624545a7dd0c7111f_JaffaCakes118

General

Target

3de406d8575a18e624545a7dd0c7111f_JaffaCakes118
Size

281KB
MD5

3de406d8575a18e624545a7dd0c7111f
SHA1

d355eb85c597c96a09ac86edb4e3e2190f96547e
SHA256

ac34fe4d2e67b0537f72ed09c04da773f3a26bcf3db3bb7e1d8d4bab18e2469b
SHA512

5fb1a86d268fd56d78148ac5d8c2e1e6d53804129a22352916cd0378b89b113fe79c0413959bedd267cc5e10ecbdf5fb667e2ed51a2bac51ee064508d63a0488
SSDEEP

6144:MTHG3Gl9QyT357cKrD6g5j/vZKq0Qx41OPDROpx9vpGOSRCB:MTQkWIqKrDzt/hKLvMlOpx9oE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3de406d8575a18e624545a7dd0c7111f_JaffaCakes118

Files

3de406d8575a18e624545a7dd0c7111f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

55155328932c849c60433c9aa61e61a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapSize
GetSystemInfo
GetCPInfo
AddAtomA
GetOEMCP
IsBadWritePtr
GetStdHandle
SetLastError
SetHandleCount
GetFileType
GetModuleFileNameA
TlsGetValue
SetEndOfFile
HeapCreate
VirtualAlloc
TlsFree
GetEnvironmentStringsW
QueryPerformanceCounter
EnumResourceLanguagesA
WriteFile
GetEnvironmentStrings
TlsAlloc
InterlockedExchange
lstrcpyW
VirtualFree
HeapDestroy
FreeEnvironmentStringsA
GetLocaleInfoA
GetVersionExA
GetSystemTimeAsFileTime
TerminateProcess
GetACP
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetStartupInfoA
VirtualQuery
GetCurrentProcessId
TlsSetValue
GetCurrentProcess
SetUnhandledExceptionFilter

setupapi

CM_Get_Parent
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

newdev

UpdateDriverForPlugAndPlayDevicesW

iphlpapi

GetIpAddrTable

user32

EnumChildWindows
DestroyWindow
GetDlgItem
IsWindow
SendMessageA
CreateWindowExW
GetWindowThreadProcessId

shell32

SHGetFolderPathW

Sections

.text
Size: 138KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55155328932c849c60433c9aa61e61a5

Headers

File Characteristics

Imports

kernel32

setupapi

mprapi

newdev

iphlpapi

user32

shell32

Sections

.text Size: 138KB - Virtual size: 274KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 139KB - Virtual size: 139KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 138KB - Virtual size: 274KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 139KB - Virtual size: 139KB

.rsrc
Size: 512B - Virtual size: 4KB