163f80c7742b0dfb74f567c6f37485e9_JaffaCakes118

General

Target

163f80c7742b0dfb74f567c6f37485e9_JaffaCakes118
Size

235KB
MD5

163f80c7742b0dfb74f567c6f37485e9
SHA1

728774b680e3a23bce46862b406992f369d6362c
SHA256

bbe43169b3d4bbdaff9391b69fb7cb08f3fbd4c0a875e30d0dee093bc65f1be7
SHA512

daed8b9e1e63e7a341eca4752e35d1f47decd9718e608e0bd9bffc269e07c4bcf00fbee2b11bde8e5099c01fe04173598c7cf972cf84181b632277c2e9fd22c4
SSDEEP

3072:lgRqbQWzN0Q7W8UHnxkIsqcED9TTOC/2p01zOQy2iU6HpNcZ8GbKHca2CrrWXbB:lgRqbGQ6NH+qcEDlCC/R4eilAZ88K8V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
163f80c7742b0dfb74f567c6f37485e9_JaffaCakes118

Files

163f80c7742b0dfb74f567c6f37485e9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0097a273219aa57da7e92f5c432b36d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter

shell32

SHGetFolderPathW

iphlpapi

GetIpAddrTable

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

GetExitCodeThread
GetCurrentThreadId
DisableThreadLibraryCalls
InterlockedIncrement
IsBadWritePtr
LoadLibraryA
LoadLibraryW
GetCurrentProcessId
AddAtomA
TerminateThread
ReleaseMutex
WaitForMultipleObjects
GetSystemInfo
GlobalAlloc
LeaveCriticalSection
CreateSemaphoreA
EnterCriticalSection
ResetEvent
VirtualAlloc
LoadResource
InterlockedDecrement
FreeLibrary
GetProcAddress
GetThreadPriority
EnumResourceTypesA
SetThreadPriority
CreateMutexA
FindResourceA
QueryPerformanceCounter
CreateFileW
GetPrivateProfileStructA
VirtualFree
LockResource
HeapFree
GetTickCount
GetModuleFileNameW
MultiByteToWideChar
GetProcessHeap
GetSystemTime
GetCurrentThread
ReleaseSemaphore
GetModuleFileNameA
Sleep
lstrlenA
WideCharToMultiByte
IsBadReadPtr
GetLastError
ExitProcess

shlwapi

StrCmpNIA
StrStrA

setupapi

CM_Get_Sibling
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

Sections

.text
Size: 136KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0097a273219aa57da7e92f5c432b36d7

Headers

File Characteristics

Imports

comctl32

shell32

iphlpapi

newdev

kernel32

shlwapi

setupapi

Sections

.text Size: 136KB - Virtual size: 272KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 138KB - Virtual size: 138KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 136KB - Virtual size: 272KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 138KB - Virtual size: 138KB

.rsrc
Size: 512B - Virtual size: 4KB