d63d9ff2bd7aff47f5251088b6beb889_JaffaCakes118

General

Target

d63d9ff2bd7aff47f5251088b6beb889_JaffaCakes118
Size

269KB
MD5

d63d9ff2bd7aff47f5251088b6beb889
SHA1

56f4e043301ad4c17296c8197991db2d4fd80bad
SHA256

ff5fd162a7bcae95742ca98f67b4ff715dbb3d4887811bbb9dc8431c0b09db95
SHA512

d7253fff1c3b2cd9660ae1265c0166b23b310690ba0a54bf44ae0717d60a787299c04574aab773ac99597e825cb4acde6ac56bdf61cc0d111adb09f2bc1dc01c
SSDEEP

6144:wdlQFuqDtqObd9acR91QY7EgITgYEJvPUY:s+Fuy4gdGY7EgmEJXUY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d63d9ff2bd7aff47f5251088b6beb889_JaffaCakes118

Files

d63d9ff2bd7aff47f5251088b6beb889_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c176149d26b84460ccabdaf55e611db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DestroyWindow
EnumChildWindows
CreateWindowExW
GetDlgItem
IsWindow
SendMessageA
GetWindowThreadProcessId

iphlpapi

GetIpAddrTable

kernel32

GetCPInfo
TerminateProcess
GetOEMCP
AddAtomA
HeapCreate
TlsSetValue
GetVersionExA
QueryPerformanceCounter
VirtualQuery
VirtualAlloc
FreeEnvironmentStringsW
VirtualFree
GetEnvironmentStringsW
InterlockedExchange
GetCurrentProcessId
GetLocaleInfoA
TlsGetValue
EnumResourceNamesW
SetHandleCount
SetEndOfFile
GetStdHandle
TlsAlloc
HeapSize
GetSystemTimeAsFileTime
GetFileType
GetStartupInfoA
HeapDestroy
lstrcatW
TlsFree
SetLastError
UnhandledExceptionFilter
GetEnvironmentStrings
GetACP
GetSystemInfo
GetCurrentProcess
IsBadWritePtr
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
SetUnhandledExceptionFilter

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW

setupapi

CM_Get_Global_State
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

Sections

.text
Size: 136KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c176149d26b84460ccabdaf55e611db

Headers

File Characteristics

Imports

user32

iphlpapi

kernel32

newdev

shell32

setupapi

mprapi

Sections

.text Size: 136KB - Virtual size: 283KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 129KB - Virtual size: 129KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 136KB - Virtual size: 283KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 129KB - Virtual size: 129KB

.rsrc
Size: 512B - Virtual size: 4KB