b43b73036a8099ad00c5bb4610db85b3_JaffaCakes118

General

Target

b43b73036a8099ad00c5bb4610db85b3_JaffaCakes118
Size

170KB
MD5

b43b73036a8099ad00c5bb4610db85b3
SHA1

d878a2001b72ec82a24e973cd69b41acbb2e97f8
SHA256

6f775cd8a3ddf39af2e5685c16d660493c7393170aaae5f137aaa86dfe86a399
SHA512

232cd8dcc774436ddf049355bdb7c672073b486ff76bf0d3e8940570e399a59f4bf418a736829fcb320350716f27eaa0ba137e4b1f2b1f61660d33538635ebc1
SSDEEP

3072:q5NinYgDEC7ucwnlm2pQsxYVTqiTwZjB+WOyt2VpK6qpW48lPQwjF:yOn7AnlVys4TqXn+WOyt36RF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b43b73036a8099ad00c5bb4610db85b3_JaffaCakes118

Files

b43b73036a8099ad00c5bb4610db85b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b10f9fb493108b61baf7e70f5d41dbf2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateWindowExW
IsWindow
EnumChildWindows
DestroyWindow
GetDlgItem
SendMessageA
GetWindowThreadProcessId

setupapi

CM_Get_Global_State
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

kernel32

AddAtomA
WriteFile
TlsAlloc
GetModuleFileNameA
TlsFree
QueryPerformanceCounter
InterlockedExchange
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetCurrentProcess
GetLocaleInfoA
FreeEnvironmentStringsA
TlsSetValue
VirtualQuery
GetOEMCP
EnumResourceNamesA
IsBadWritePtr
HeapCreate
SetLastError
GetEnvironmentStrings
GetSystemTimeAsFileTime
VirtualFree
GetACP
TlsGetValue
HeapSize
lstrcatA
SetHandleCount
GetFileType
GetStartupInfoA
VirtualAlloc
TerminateProcess
GetSystemInfo
HeapDestroy
GetCPInfo
GetCurrentProcessId
SetEndOfFile
GetStdHandle
GetVersionExA
SetUnhandledExceptionFilter

shell32

SHGetFolderPathW

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

newdev

UpdateDriverForPlugAndPlayDevicesW

iphlpapi

GetIpAddrTable

Sections

.text
Size: 91KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b10f9fb493108b61baf7e70f5d41dbf2

Headers

File Characteristics

Imports

user32

setupapi

kernel32

shell32

mprapi

newdev

iphlpapi

Sections

.text Size: 91KB - Virtual size: 491KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 75KB - Virtual size: 74KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 91KB - Virtual size: 491KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 75KB - Virtual size: 74KB

.rsrc
Size: 512B - Virtual size: 4KB