661a343978e21aa41531b2789ada1705_JaffaCakes118

General

Target

661a343978e21aa41531b2789ada1705_JaffaCakes118
Size

169KB
MD5

661a343978e21aa41531b2789ada1705
SHA1

da942d0e2f8f8c9ed11b04b21c33b5baef2389fb
SHA256

8b9393be1bcf9f93c319f80ebcc3c3aac5a4f4cd90189193fdb4763a7e2fd2b0
SHA512

6b1a7009e46b366ce1c01b3469e7cc0e663cf72732c741645e344954ddc9f0cba1a94d04d0a1af720461ed3d3d94ff1048c26db8b225cfd05cf594cdc47f2edb
SSDEEP

3072:2ySe1RoSvLjGOLaW2GVUYCCl7t1U21wyt21eKuhEfWhpwlQB3kl49V9K9IM38:2yt0SxNnCMty21wyFSlQBUa9+6M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
661a343978e21aa41531b2789ada1705_JaffaCakes118

Files

661a343978e21aa41531b2789ada1705_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2ccb0450b5af0a5f5e09ceee570f89f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNIA
StrStrA

shell32

SHGetFolderPathW

setupapi

CM_Get_Sibling
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

InterlockedDecrement
ReleaseSemaphore
AddAtomW
DisableThreadLibraryCalls
lstrlenA
WideCharToMultiByte
TerminateThread
GetExitCodeThread
WaitForMultipleObjects
GetSystemTime
LoadLibraryA
GetCurrentThread
IsBadWritePtr
FindResourceA
FreeLibrary
GetCurrentThreadId
Sleep
ResetEvent
GetProcAddress
MultiByteToWideChar
EnumResourceLanguagesW
GetSystemInfo
CreateFileW
GlobalAlloc
VirtualAlloc
HeapFree
LockResource
InterlockedIncrement
GetLastError
GetCurrentProcessId
LeaveCriticalSection
SetThreadPriority
QueryPerformanceCounter
GetModuleFileNameW
LoadResource
GetGeoInfoW
CreateMutexA
EnterCriticalSection
LoadLibraryW
GetThreadPriority
GetModuleFileNameA
CreateSemaphoreA
GetTickCount
VirtualFree
ReleaseMutex
GetProcessHeap
IsBadReadPtr
ExitProcess

iphlpapi

GetIpAddrTable

Sections

.text
Size: 86KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ccb0450b5af0a5f5e09ceee570f89f2

Headers

File Characteristics

Imports

shlwapi

shell32

setupapi

newdev

kernel32

iphlpapi

Sections

.text Size: 86KB - Virtual size: 485KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 80KB - Virtual size: 79KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 86KB - Virtual size: 485KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 80KB - Virtual size: 79KB

.rsrc
Size: 512B - Virtual size: 4KB