41e827c0bab1aca5fc5aff25d676ebf9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41e827c0bab1aca5fc5aff25d676ebf9_JaffaCakes118
Size

67KB
MD5

41e827c0bab1aca5fc5aff25d676ebf9
SHA1

eac53bd74ef243c61e6f495e2c78b2514209fe3c
SHA256

991fa2d98dbe01219ca0df6a7006e6189ac2bc60806f731706c0cc01b964edab
SHA512

5d25eb115d94c78bd2d3fb52f11d1ab8bb7b82415006b115e8006856e50569dc490248fd4faba85edd0657653c3d134fac19cf370e7dae84a91d3bff53e34dac
SSDEEP

1536:2Ud6cj8X62MTaUMMnMMMMMQqvuOYQIYQDvmIEZPY17bK9xnqYJDr1pOHUp2Q/XSj:2e6cAFUMMnMMMMMX7I7Dvm7pjxqwHyU0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41e827c0bab1aca5fc5aff25d676ebf9_JaffaCakes118

Files

41e827c0bab1aca5fc5aff25d676ebf9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b8587d27ee9f7700005f242eb94bd186

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc

ddraw

DirectDrawCreate

rtutils

RouterLogRegisterA
RouterLogEventExA
RouterLogEventStringA
TraceDumpExA
LogErrorW
RouterGetErrorStringW

shell32

SHGetPathFromIDListW
SHCreateShellItem
ShellAboutW
SHGetSpecialFolderLocation
SHPathPrepareForWriteW
Shell_NotifyIconW
SHGetInstanceExplorer
ShellExecuteW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHGetFolderPathW
ExtractIconW
SHGetPathFromIDListA
SHGetFolderPathAndSubDirW
SHSetLocalizedName
DragQueryFileW
SHAppBarMessage
SHChangeNotify
ExtractIconExW
SHGetDataFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
Shell_NotifyIconA
SHFileOperationW
ExtractAssociatedIconExW
SHBindToParent
SHGetFolderLocation
ShellExecuteExW
ShellExecuteA

uxtheme

GetThemeMargins
GetThemeBackgroundContentRect
GetThemeFont
GetThemeAppProperties
DrawThemeParentBackground
DrawThemeBackground
IsAppThemed
GetThemeColor
CloseThemeData
SetWindowTheme
GetThemeMetric
IsThemeActive
GetThemeBackgroundExtent
GetThemePartSize
OpenThemeData

ntdll

RtlAddAccessAllowedObjectAce
NtQuerySemaphore
RtlAdjustPrivilege
NtSuspendProcess

psapi

GetProcessImageFileNameW

Sections

.text
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8587d27ee9f7700005f242eb94bd186

Headers

File Characteristics

Imports

kernel32

ddraw

rtutils

shell32

uxtheme

ntdll

psapi

Sections

.text Size: 1024B - Virtual size: 996B

.rsrc Size: 30KB - Virtual size: 30KB

.data Size: 5KB - Virtual size: 136KB

.idata Size: 2KB - Virtual size: 1KB

.rdata Size: 28KB - Virtual size: 27KB

.text
Size: 1024B - Virtual size: 996B

.rsrc
Size: 30KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 136KB

.idata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 28KB - Virtual size: 27KB