27b8687e24697667947df4286451c333_JaffaCakes118

General

Target

27b8687e24697667947df4286451c333_JaffaCakes118
Size

100KB
MD5

27b8687e24697667947df4286451c333
SHA1

0cd88bd22b3df42297d60fd3c257fca10b4a1bc7
SHA256

664dcbc21da837aa84d9161ce3c448737e4fc4c6f8f9ebc713eb5bce171ba950
SHA512

cd20429833bcdad819e4d9ebd2223d1b6adfca2becb006497e7ea8935e856b7fcef32ac321604b68f237bf114671e9c6a78ea7854b6d709621c1628aa86bc44e
SSDEEP

1536:c+DF+juGEu/+DAZ8c3P0wKuXi6JO6qjyqW24myqngsXHqL6Qb0NSmlESsRAWSSSi:3suGE6WcDKmJKjW2Oq4WO0NSmlPT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27b8687e24697667947df4286451c333_JaffaCakes118

Files

27b8687e24697667947df4286451c333_JaffaCakes118
.exe windows:4 windows x86 arch:x86

068a6f3c78098455cceeaa802cd4f2b7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

shell32

SHGetFolderPathW

user32

EnumChildWindows
GetDlgItem
SendMessageA
IsWindow
DestroyWindow
CreateWindowExW
GetWindowThreadProcessId

setupapi

CM_Get_Global_State
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

iphlpapi

GetIpAddrTable

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

HeapSize
AddAtomA
SetHandleCount
GetModuleFileNameA
GetEnvironmentStrings
VirtualFree
TlsGetValue
GetLocaleInfoA
SetEndOfFile
InterlockedExchange
HeapDestroy
IsBadWritePtr
GetStartupInfoA
FreeEnvironmentStringsW
GetSystemInfo
QueryPerformanceCounter
GetFileType
GetVersionExA
TerminateProcess
WriteFile
EnumResourceNamesA
VirtualQuery
GetCurrentProcess
HeapCreate
GetCPInfo
lstrcatA
VirtualAlloc
GetCurrentProcessId
GetStdHandle
SetLastError
GetOEMCP
UnhandledExceptionFilter
TlsAlloc
TlsFree
GetACP
FreeEnvironmentStringsA
TlsSetValue
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetUnhandledExceptionFilter

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

068a6f3c78098455cceeaa802cd4f2b7

Headers

File Characteristics

Imports

mprapi

shell32

user32

setupapi

iphlpapi

newdev

kernel32

Sections

.text Size: 56KB - Virtual size: 56KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 40KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 56KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 512B - Virtual size: 4KB