3ae43837d2bfbc32d9595f11ad9149a3_JaffaCakes118

General

Target

3ae43837d2bfbc32d9595f11ad9149a3_JaffaCakes118
Size

169KB
MD5

3ae43837d2bfbc32d9595f11ad9149a3
SHA1

ed5bab56b334c4984dedc6f670735a6d94387d28
SHA256

3623468c175c30466382e1bf656f556e7471a36326fc0d374cf1f4473519b8a1
SHA512

3eca6f83fff31f33a1e269408d05e47e50e986fc0cb23ee511ea0883ff8c7bebd3cf6468cf66f4d551b2093bcc29dfb510edc74a1a6c6da1876044c865659299
SSDEEP

3072:81bggdhbktpzWrFGP435ok2cd1BeSFWExSJ6eykdz/zjbm9TwheN:inApzWdykDd1Fm6e3z/z/e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ae43837d2bfbc32d9595f11ad9149a3_JaffaCakes118

Files

3ae43837d2bfbc32d9595f11ad9149a3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3c46b962acdbb5bc04908937a30f39b1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW

setupapi

CM_Get_Sibling
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

iphlpapi

GetIpAddrTable

shlwapi

StrCmpNIA
StrStrA

newdev

UpdateDriverForPlugAndPlayDevicesW

kernel32

ResetEvent
LoadLibraryA
GlobalAlloc
LockResource
GetTickCount
LoadLibraryW
IsBadWritePtr
AddAtomA
SetThreadPriority
VirtualAlloc
LeaveCriticalSection
MultiByteToWideChar
InterlockedIncrement
GetProcessHeap
WideCharToMultiByte
WaitForMultipleObjects
VirtualFree
Sleep
FreeLibrary
QueryPerformanceCounter
InterlockedDecrement
CreateFileW
GetProcAddress
ReleaseSemaphore
EnumResourceTypesW
GetSystemInfo
GetModuleFileNameA
CreateSemaphoreA
DisableThreadLibraryCalls
FindResourceA
TerminateThread
GetCurrentProcessId
GetCurrentThread
GetGeoInfoA
GetSystemTime
lstrlenA
EnterCriticalSection
HeapFree
IsBadReadPtr
ReleaseMutex
GetExitCodeThread
GetThreadPriority
GetModuleFileNameW
GetLastError
LoadResource
CreateMutexA
GetCurrentThreadId
ExitProcess

Sections

.text
Size: 85KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c46b962acdbb5bc04908937a30f39b1

Headers

File Characteristics

Imports

shell32

setupapi

iphlpapi

shlwapi

newdev

kernel32

Sections

.text Size: 85KB - Virtual size: 485KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 80KB - Virtual size: 79KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 85KB - Virtual size: 485KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 80KB - Virtual size: 79KB

.rsrc
Size: 512B - Virtual size: 4KB