d0e0d17ad9290fc19ee2030de52914b6_JaffaCakes118

General

Target

d0e0d17ad9290fc19ee2030de52914b6_JaffaCakes118
Size

163KB
MD5

d0e0d17ad9290fc19ee2030de52914b6
SHA1

4c9353d226ac9c07e82371d69ba30ac22c324b8e
SHA256

967299bf9460475f88854161c8373a63b89e38d1d25809386787f2e5af1d6892
SHA512

833acae9cd35e54200016e46308e950b410f969ad240de48c73f3188456d4c206b45e66a8efb3a240be2b2561fe60b7c62a35f4947cd30ffeb73986f323b2097
SSDEEP

3072:5KQOmj8bW8EkPOE1/z1DKHXsLPkdZppvW97:5KQOmj8NPTLgXsL0ZppQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0e0d17ad9290fc19ee2030de52914b6_JaffaCakes118

Files

d0e0d17ad9290fc19ee2030de52914b6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

87906b06168fdf15cda12535f5943015

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Parent
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

GetLocaleInfoA
SetEndOfFile
GetStartupInfoA
TlsGetValue
FreeEnvironmentStringsW
VirtualQuery
AddAtomA
GetCPInfo
GetOEMCP
TlsSetValue
SetLastError
GetVersionExA
VirtualAlloc
GetCurrentProcess
HeapSize
FreeEnvironmentStringsA
InterlockedExchange
EnumResourceLanguagesA
GetSystemInfo
IsBadWritePtr
GetACP
TlsFree
GetCurrentProcessId
HeapDestroy
WriteFile
GetEnvironmentStringsW
TerminateProcess
GetDiskFreeSpaceW
GetFileType
SetHandleCount
VirtualFree
GetStdHandle
QueryPerformanceCounter
GetModuleFileNameA
GetEnvironmentStrings
TlsAlloc
GetSystemTimeAsFileTime
UnhandledExceptionFilter
HeapCreate
SetUnhandledExceptionFilter

user32

IsWindow
SendMessageA
DestroyWindow
EnumChildWindows
GetDlgItem
CreateWindowExW
GetWindowThreadProcessId

iphlpapi

GetIpAddrTable

shell32

SHGetFolderPathW

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

Sections

.text
Size: 83KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87906b06168fdf15cda12535f5943015

Headers

File Characteristics

Imports

setupapi

newdev

kernel32

user32

iphlpapi

shell32

mprapi

Sections

.text Size: 83KB - Virtual size: 487KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 76KB - Virtual size: 76KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 83KB - Virtual size: 487KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 512B - Virtual size: 4KB