a21c82fa862df542505e0d34024e7eb0_JaffaCakes118

General

Target

a21c82fa862df542505e0d34024e7eb0_JaffaCakes118
Size

283KB
MD5

a21c82fa862df542505e0d34024e7eb0
SHA1

0a6c1aab3182af5b86122c02af931c3e7f081759
SHA256

1052083d19325b21d2d2313c3d7774427b07fa832ba2028013911b6d5549bba9
SHA512

05cc091ac226e28cdf7c8ce6d1df21366465e715a121b18eccbf12a37499a3932c8fc0d34e466641b80d4cabbd1f1f2d4fec5f982fe7da6bd1f8e167e1177506
SSDEEP

6144:FQDq/qse9+Tg0fIXxdH8bUEmisPd8xFC5Y6qVXSGYkH:FQkqsdsdzlEmisC6Y6qVXSGNH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a21c82fa862df542505e0d34024e7eb0_JaffaCakes118

Files

a21c82fa862df542505e0d34024e7eb0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

16c68b1fa9ca696b6e666c08f2730a40

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetIpAddrTable

kernel32

GetStartupInfoA
GetSystemInfo
SetLastError
AddAtomA
VirtualFree
GetLocaleInfoA
GetCurrentProcessId
InterlockedExchange
HeapCreate
GetCurrentProcess
TlsAlloc
GetEnvironmentStringsW
GetFileType
TlsFree
TerminateProcess
GetSystemTimeAsFileTime
SetEndOfFile
FreeEnvironmentStringsA
GetVersionExA
IsBadWritePtr
EnumResourceLanguagesA
VirtualAlloc
GetCPInfo
lstrcpyW
GetEnvironmentStrings
GetACP
TlsSetValue
GetModuleFileNameA
GetStdHandle
TlsGetValue
QueryPerformanceCounter
VirtualQuery
WriteFile
SetHandleCount
HeapDestroy
FreeEnvironmentStringsW
UnhandledExceptionFilter
HeapSize
GetOEMCP
SetUnhandledExceptionFilter

shell32

SHGetFolderPathW

setupapi

CM_Get_Parent
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

user32

CreateWindowExW
DestroyWindow
SendMessageA
GetDlgItem
EnumChildWindows
IsWindow
GetWindowThreadProcessId

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 146KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16c68b1fa9ca696b6e666c08f2730a40

Headers

File Characteristics

Imports

iphlpapi

kernel32

shell32

setupapi

user32

mprapi

newdev

Sections

.text Size: 146KB - Virtual size: 277KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 134KB - Virtual size: 133KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 146KB - Virtual size: 277KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 134KB - Virtual size: 133KB

.rsrc
Size: 512B - Virtual size: 4KB