8db6fca744c5faf437a7910649bdf2a6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8db6fca744c5faf437a7910649bdf2a6_JaffaCakes118
Size

73KB
MD5

8db6fca744c5faf437a7910649bdf2a6
SHA1

b26dad8df653ebed7e558beff2e288d7a58a5995
SHA256

f55c16717aeb15602bc21a765e62b84c36c4ba48630c3ebf7d3dfda9e2ce17b3
SHA512

b1e1b0e5a135b3462b3e37d103ac0ae9edad6a99b6a225d7915d81fd312ecafbdd1492b248703ecbe0946878ceeee9a2913070dd574b650ac9b542719b5e2b74
SSDEEP

1536:JLmu81uPHq86UzYBpxDHSsNYOZc1FPdrfp5:JLZ8ERzwSsisclrfp5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8db6fca744c5faf437a7910649bdf2a6_JaffaCakes118

Files

8db6fca744c5faf437a7910649bdf2a6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d9a6faf239aa7f4abd21b3f5491f4175

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\test3\rtlsetup\xp\objfre_wxp_x86\i386\lansetx.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA

kernel32

LocalAlloc
GetLastError
FindFirstFileA
SetLastError
Sleep
GetModuleFileNameA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
CloseHandle
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
CreateFileA
SetStdHandle
FlushFileBuffers
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStringTypeA
GetStringTypeW
SetEndOfFile
ReadFile
SetFilePointer
lstrlenA
LocalFree
GetVersionExA
GetCurrentDirectoryA
FreeEnvironmentStringsA

cfgmgr32

CM_Get_DevNode_Status
CM_Connect_MachineA
CM_Locate_DevNode_ExA
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine

setupapi

SetupFindNextLine
SetupGetStringFieldA
SetupFindFirstLineA
SetupCloseInfFile
SetupOpenInfFileA
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiClassGuidsFromNameA
SetupDiRemoveDevice
SetupDiDeleteDevRegKey
SetupCopyOEMInfA
SetupAddToSourceListA
SetupRemoveFromSourceListA
SetupUninstallOEMInfA

newdev

UpdateDriverForPlugAndPlayDevicesA

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d9a6faf239aa7f4abd21b3f5491f4175

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

cfgmgr32

setupapi

newdev

Sections

.text Size: 44KB - Virtual size: 43KB

.data Size: 28KB - Virtual size: 28KB

.text
Size: 44KB - Virtual size: 43KB

.data
Size: 28KB - Virtual size: 28KB