ee954c61d2e6c4ab0e6a657c34ad498d_JaffaCakes118

General

Target

ee954c61d2e6c4ab0e6a657c34ad498d_JaffaCakes118
Size

283KB
MD5

ee954c61d2e6c4ab0e6a657c34ad498d
SHA1

6f8402c854916c84f8a2776a394dc5352ed95c99
SHA256

d91ac3392ac783601beaeec6ce28cbf042fa07c01a3600c3d8e5c26e76775571
SHA512

40d607541f8e233d68d6ec2e8a3911497a80e5e812ea62cbeb7824993d37ded8315f3669e6f325382049761ac1960d120b1c7b72075e3d7b3e55f3280570fad8
SSDEEP

6144:2DFB0kRW+0emzMSAHum/LsREd1o7OyCbJRscQgWyCG1Ge:cRR0exHum/e7LCNRscQgWs1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee954c61d2e6c4ab0e6a657c34ad498d_JaffaCakes118

Files

ee954c61d2e6c4ab0e6a657c34ad498d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

39aab26e7cf2bac98b3ab2983671e3a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
GetLocaleInfoA
AddAtomA
GetSystemInfo
TlsFree
SetHandleCount
GetCPInfo
VirtualFree
GetEnvironmentStringsW
TerminateProcess
GetFileType
GetVersionExA
VirtualAlloc
VirtualQuery
GetModuleFileNameA
SetEndOfFile
EnumResourceLanguagesA
HeapCreate
GetSystemTimeAsFileTime
GetACP
GetCurrentProcessId
TlsSetValue
GetStdHandle
lstrcpyW
WriteFile
GetOEMCP
GetEnvironmentStrings
UnhandledExceptionFilter
TlsAlloc
InterlockedExchange
GetStartupInfoA
FreeEnvironmentStringsA
HeapSize
HeapDestroy
SetLastError
QueryPerformanceCounter
FreeEnvironmentStringsW
GetCurrentProcess
IsBadWritePtr
SetUnhandledExceptionFilter

iphlpapi

GetIpAddrTable

newdev

UpdateDriverForPlugAndPlayDevicesW

setupapi

CM_Get_Parent
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

user32

DestroyWindow
CreateWindowExW
EnumChildWindows
SendMessageA
GetDlgItem
IsWindow
GetWindowThreadProcessId

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

shell32

SHGetFolderPathW

Sections

.text
Size: 143KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39aab26e7cf2bac98b3ab2983671e3a6

Headers

File Characteristics

Imports

kernel32

iphlpapi

newdev

setupapi

user32

mprapi

shell32

Sections

.text Size: 143KB - Virtual size: 279KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 136KB - Virtual size: 135KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 143KB - Virtual size: 279KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 136KB - Virtual size: 135KB

.rsrc
Size: 512B - Virtual size: 4KB