426c135748d9da9ee2fdf462835d4691_JaffaCakes118

General

Target

426c135748d9da9ee2fdf462835d4691_JaffaCakes118
Size

162KB
MD5

426c135748d9da9ee2fdf462835d4691
SHA1

6a08ebad14289bb084091e635dad5819cbb1dc35
SHA256

cd2ff8ab62d02d1313896ca5917901f371abb1b149bc8125d8c2f793bb1f11d5
SHA512

6be673bead47f0906f80ebc7846707335bcc55d300282769b23c6f001d2e3304f165ba27e69d7b0ccb7dfcb81eb6d4464752dc8f48f268236b2c7acca6fd6a64
SSDEEP

3072:Dwt/pRayzbNhE4x4G/Z+96KGaIOovArjpEoYqfs3kefYgstt19MW:IB0189Z++bOpEotfs0ZZr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
426c135748d9da9ee2fdf462835d4691_JaffaCakes118

Files

426c135748d9da9ee2fdf462835d4691_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6658cba238497388d75d2da663605f96

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIpAddrTable

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

InterlockedExchange
GetStdHandle
TerminateProcess
GetVersionExA
GetCurrentProcessId
SetLastError
AddAtomA
FreeEnvironmentStringsW
GetACP
HeapSize
TlsFree
WriteFile
GetCurrentProcess
GetOEMCP
GetLocaleInfoA
GetEnvironmentStringsW
IsBadWritePtr
EnumResourceNamesW
VirtualQuery
TlsAlloc
QueryPerformanceCounter
UnhandledExceptionFilter
TlsSetValue
GetStartupInfoA
GetEnvironmentStrings
VirtualAlloc
GetFileType
lstrcatW
FreeEnvironmentStringsA
SetHandleCount
TlsGetValue
GetSystemInfo
HeapCreate
GetSystemTimeAsFileTime
VirtualFree
GetCPInfo
GetModuleFileNameA
SetEndOfFile
HeapDestroy
SetUnhandledExceptionFilter

user32

GetDlgItem
DestroyWindow
SendMessageA
EnumChildWindows
CreateWindowExW
IsWindow
GetWindowThreadProcessId

shell32

SHGetFolderPathW

setupapi

CM_Get_Global_State
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

Sections

.text
Size: 80KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6658cba238497388d75d2da663605f96

Headers

File Characteristics

Imports

iphlpapi

newdev

kernel32

user32

shell32

setupapi

mprapi

Sections

.text Size: 80KB - Virtual size: 487KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 78KB - Virtual size: 78KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 487KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 512B - Virtual size: 4KB