8320085a6427ac18af7321e47dd94842_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8320085a6427ac18af7321e47dd94842_JaffaCakes118
Size

153KB
MD5

8320085a6427ac18af7321e47dd94842
SHA1

929e9f6cb7fd16b22e07e2a2d2d7be0692344a78
SHA256

718718b393e4aefbde628890acca96490910b515d0dcc1fd4e7fa686a5e05d80
SHA512

931153c6166b238b827e4740912c731957ff56b6e7b0ac1c56e862996393310802c8d799f8e258673892f663896f829245f399a8db08e6287f8e0c163678a6c0
SSDEEP

3072:gXRj/k6cyCjRqDd2iptlCVE8wM8LG0udQIIJNpH/y/i:ghj5NVptlCRi3IIJN1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8320085a6427ac18af7321e47dd94842_JaffaCakes118

Files

8320085a6427ac18af7321e47dd94842_JaffaCakes118
.dll windows:5 windows x86 arch:x86

951a4c24e3a6d04d035f67fdd8a48514

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Bld\main\apps\NVCoInst\objfre\i386\nvcoinst.pdb

Imports

ntdll

RtlUnwind

setupapi

SetupDiGetSelectedDriverW
SetupDiGetDriverInfoDetailW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetStringFieldW
SetupCloseInfFile
SetupDiGetDeviceRegistryPropertyW

kernel32

LoadLibraryA
GetACP
MultiByteToWideChar
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
CopyFileW
GlobalFree
GetSystemWindowsDirectoryW
GetFullPathNameW
GetLastError
GlobalAlloc
SetFileAttributesW
GetFileAttributesW
Process32NextW
Module32FirstW
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
GetModuleHandleW
GetSystemDirectoryW
GetModuleFileNameW
MoveFileExW
CreateDirectoryW
GetCurrentProcessId
GetCurrentThreadId
GetWindowsDirectoryW
ExitProcess
GetModuleHandleA
SetFilePointer
GetStdHandle
WriteFile
LCMapStringA
WideCharToMultiByte
LCMapStringW
SetStdHandle
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetLocaleInfoA
GetCPInfo
GetStringTypeA
GetStringTypeW
VirtualFree
HeapReAlloc
FlushFileBuffers
GetModuleFileNameA
GetOEMCP

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey

lz32

LZCopy
LZOpenFileW
LZClose

Exports

Exports

NVCoInstaller

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 122KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

951a4c24e3a6d04d035f67fdd8a48514

Headers

File Characteristics

PDB Paths

Imports

ntdll

setupapi

kernel32

advapi32

lz32

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 864B

.reloc Size: 2KB - Virtual size: 1KB

.text Size: 122KB - Virtual size: 124KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 122KB - Virtual size: 124KB