6f1e4d34bbf357af381a2bf906b50a71_JaffaCakes118

General

Target

6f1e4d34bbf357af381a2bf906b50a71_JaffaCakes118
Size

1.9MB
MD5

6f1e4d34bbf357af381a2bf906b50a71
SHA1

c08d6d7d271e05e02c46b94c54c97af1392bde09
SHA256

6f310fe6cb763eaadb94394be61c46be523c4bd6517ce5785441bf3b1cb08aab
SHA512

d839b3c4efb74dbf26c053c6906a8df5feb28ffa890740e1df45615d9b1318228b635bdea723c9ac5cfda59beb9dbec1c369d5d5d77eb4b87734efc31ad35dbf
SSDEEP

49152:pb1W+ZBN1ODAVIYtmWlAU9bkh985gNnX7SpJa4g5:pb1W+aDA5mWlA1hkgNnLS3ap

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f1e4d34bbf357af381a2bf906b50a71_JaffaCakes118

Files

6f1e4d34bbf357af381a2bf906b50a71_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d988d9890cc38fef24f4a6dd2056b49b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW

kernel32

TlsGetValue
AddAtomA
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetACP
GetSystemInfo
GetOEMCP
VirtualQuery
GetVersionExA
TlsFree
HeapSize
GetEnvironmentStrings
GetCurrentProcess
IsBadWritePtr
SetLastError
UnhandledExceptionFilter
EnumResourceLanguagesA
GetCurrentProcessId
HeapDestroy
SetHandleCount
GetFileType
GetLocaleInfoA
GetEnvironmentStringsW
InterlockedExchange
VirtualAlloc
SetEndOfFile
TerminateProcess
GetModuleFileNameA
WriteFile
lstrcpynW
TlsAlloc
GetStdHandle
GetCPInfo
GetStartupInfoA
HeapCreate
VirtualFree
FreeEnvironmentStringsW
QueryPerformanceCounter
TlsSetValue
SetUnhandledExceptionFilter

setupapi

CM_Get_Parent
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

iphlpapi

GetIpAddrTable

user32

DestroyWindow
GetDlgItem
SendMessageA
CreateWindowExW
EnumChildWindows
IsWindow
GetWindowThreadProcessId

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 989KB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 967KB - Virtual size: 967KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d988d9890cc38fef24f4a6dd2056b49b

Headers

File Characteristics

Imports

shell32

kernel32

setupapi

iphlpapi

user32

mprapi

newdev

Sections

.text Size: 989KB - Virtual size: 3.9MB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 967KB - Virtual size: 967KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 989KB - Virtual size: 3.9MB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 967KB - Virtual size: 967KB

.rsrc
Size: 512B - Virtual size: 4KB