d301805c01f0d9af6e6a5944c77a11a4_JaffaCakes118

General

Target

d301805c01f0d9af6e6a5944c77a11a4_JaffaCakes118
Size

170KB
MD5

d301805c01f0d9af6e6a5944c77a11a4
SHA1

6cdeb567a944c27d3358a7febbc0a991858dc487
SHA256

16d4d9919f50b2b340f2f0d2220a8afb203df89373c68f71f1488fe6c462cff5
SHA512

d84d95bf5b9a0ccbe3777af574891e6dbc4f9974fac07da8e1a5437722d2bde08752bc1b0a2842837020d77fe912ff04343d18389061311da8ae316bb03f8933
SSDEEP

3072:jUQ0VjvC1Fb4YNurZt0tJXiCd6lCO2kSByjZ1zM3vzcOxwW8A:jUQCvC1Fb6X0tJXiS6V2QjZ1zQTVn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d301805c01f0d9af6e6a5944c77a11a4_JaffaCakes118

Files

d301805c01f0d9af6e6a5944c77a11a4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c504396131da88f4e3c08d9eea5c880e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

newdev

UpdateDriverForPlugAndPlayDevicesW

user32

SendMessageA
CreateWindowExW
EnumChildWindows
GetDlgItem
DestroyWindow
IsWindow
GetWindowThreadProcessId

iphlpapi

GetIpAddrTable

shell32

SHGetFolderPathW

kernel32

UnhandledExceptionFilter
GetCPInfo
GetStartupInfoA
GetACP
AddAtomA
GetVersionExA
GetSystemInfo
GetStdHandle
IsBadWritePtr
VirtualAlloc
GetCurrentProcess
GetSystemTimeAsFileTime
TlsAlloc
TlsSetValue
GetEnvironmentStringsW
QueryPerformanceCounter
GetEnvironmentStrings
TlsGetValue
SetLastError
TlsFree
EnumResourceNamesA
GetLocaleInfoA
SetEndOfFile
InterlockedExchange
SetHandleCount
WriteFile
lstrcatA
FreeEnvironmentStringsW
HeapCreate
TerminateProcess
VirtualQuery
GetOEMCP
HeapSize
VirtualFree
GetCurrentProcessId
FreeEnvironmentStringsA
HeapDestroy
GetModuleFileNameA
GetFileType
SetUnhandledExceptionFilter

setupapi

CM_Get_Global_State
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 92KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c504396131da88f4e3c08d9eea5c880e

Headers

File Characteristics

Imports

mprapi

newdev

user32

iphlpapi

shell32

kernel32

setupapi

Sections

.text Size: 92KB - Virtual size: 488KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 74KB - Virtual size: 73KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 92KB - Virtual size: 488KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 74KB - Virtual size: 73KB

.rsrc
Size: 512B - Virtual size: 4KB