83d76fa16a0fc9cded8f8dff0962cfee_JaffaCakes118

General

Target

83d76fa16a0fc9cded8f8dff0962cfee_JaffaCakes118
Size

283KB
MD5

83d76fa16a0fc9cded8f8dff0962cfee
SHA1

6545af7eecc6fd06950a6c50c279387500d77113
SHA256

e378807bd28bd46205504a06e37fe3b028e6e0deca075d17cf8c5aaeb0842207
SHA512

022766e49e18d8d2429622879b156896c0b91912e011c0b28559d7f2a0df560ef3fd896c7f8fdafa878780e3ab55c043fe40dceffadaccd6bf592efb0a8c432e
SSDEEP

6144:krn2ca/TMeqZYgS7zFDIqKjRrpKvmj9TDAbaiUTrudf:krn/0TM/ZYgS7O5BfFAf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83d76fa16a0fc9cded8f8dff0962cfee_JaffaCakes118

Files

83d76fa16a0fc9cded8f8dff0962cfee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

45c0e6b72e86bbae786d580e84844171

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

user32

EnumChildWindows
DestroyWindow
CreateWindowExW
GetDlgItem
SendMessageA
IsWindow
GetWindowThreadProcessId

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

kernel32

WriteFile
GetStdHandle
TlsFree
GetEnvironmentStrings
GetFileType
TlsAlloc
AddAtomA
TlsSetValue
UnhandledExceptionFilter
GetCurrentProcessId
HeapSize
HeapCreate
GetSystemTimeAsFileTime
IsBadWritePtr
VirtualAlloc
TlsGetValue
FreeEnvironmentStringsA
EnumResourceLanguagesA
HeapDestroy
GetStartupInfoA
GetVersionExA
GetSystemInfo
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
VirtualQuery
lstrcpyW
GetCPInfo
GetLocaleInfoA
GetACP
InterlockedExchange
GetOEMCP
SetLastError
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
VirtualFree
SetEndOfFile
QueryPerformanceCounter
SetUnhandledExceptionFilter

iphlpapi

GetIpAddrTable

setupapi

CM_Get_Parent
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

Sections

.text
Size: 145KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45c0e6b72e86bbae786d580e84844171

Headers

File Characteristics

Imports

mprapi

user32

newdev

shell32

kernel32

iphlpapi

setupapi

Sections

.text Size: 145KB - Virtual size: 276KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 135KB - Virtual size: 134KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 145KB - Virtual size: 276KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 135KB - Virtual size: 134KB

.rsrc
Size: 512B - Virtual size: 4KB