d9992b8f59294b33118dfc043f4a1156_JaffaCakes118

General

Target

d9992b8f59294b33118dfc043f4a1156_JaffaCakes118
Size

162KB
MD5

d9992b8f59294b33118dfc043f4a1156
SHA1

d6abe1a707329814e17d1524de05878285f7440c
SHA256

d49032b27b5a6774bc3e35daa0a5907e2d7313e1511a99da111e206ab4b34c63
SHA512

b79108c0588c51bc5403f4684cf8f229d7779f7faee4d206e0d713573ac1a7e0eaa25e5bf617e7c4b7add6de9f7c0ed1944701a1a15843e4195fc496d1563269
SSDEEP

3072:t/onMIHdCY5SfN1x7Kez+YPNOubz+Ts1nibQdsOckz67uuk2j74:iY6Sf5KezH9bSTsZicQkz67Vj74

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9992b8f59294b33118dfc043f4a1156_JaffaCakes118

Files

d9992b8f59294b33118dfc043f4a1156_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ebe45354ea7b2dba371924e5e4b84a5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

newdev

UpdateDriverForPlugAndPlayDevicesW

iphlpapi

GetIpAddrTable

shell32

SHGetFolderPathW

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

setupapi

CM_Get_Parent
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

user32

EnumChildWindows
GetDlgItem
IsWindow
SendMessageA
DestroyWindow
CreateWindowExW
GetWindowThreadProcessId

kernel32

TerminateProcess
AddAtomA
GetFileType
WriteFile
GetCurrentProcess
GetStartupInfoA
GetCPInfo
TlsGetValue
TlsFree
GetACP
GetOEMCP
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetLocaleInfoA
GetCurrentProcessId
VirtualQuery
GetModuleFileNameA
GetEnvironmentStrings
InterlockedExchange
HeapDestroy
HeapSize
EnumResourceLanguagesA
TlsSetValue
GetEnvironmentStringsW
VirtualFree
GetDiskFreeSpaceW
FreeEnvironmentStringsA
GetStdHandle
GetSystemInfo
SetEndOfFile
UnhandledExceptionFilter
QueryPerformanceCounter
HeapCreate
IsBadWritePtr
SetLastError
VirtualAlloc
SetHandleCount
GetVersionExA
TlsAlloc
SetUnhandledExceptionFilter

Sections

.text
Size: 80KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ebe45354ea7b2dba371924e5e4b84a5

Headers

File Characteristics

Imports

newdev

iphlpapi

shell32

mprapi

setupapi

user32

kernel32

Sections

.text Size: 80KB - Virtual size: 487KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 79KB - Virtual size: 78KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 80KB - Virtual size: 487KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 79KB - Virtual size: 78KB

.rsrc
Size: 512B - Virtual size: 4KB