54e43d0119db59aa49389b1bb33632c2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

54e43d0119db59aa49389b1bb33632c2_JaffaCakes118
Size

172KB
MD5

54e43d0119db59aa49389b1bb33632c2
SHA1

c2d7716b35061a38c5260fd7bfaf4016dbc3ea94
SHA256

defe08706921269d0af3449acd247682542fdb609d4eb63f1615c0fec2a0a13e
SHA512

93c2e116c7ba4cdb174a79fe602660b481145359a4cfce7eb89ba2850e7502f5a027ac655e4210850e2a11f370e8d0de9267311b431c7aa6918d26ad9a2c4e44
SSDEEP

3072:waV+ztcETp/2Of8RtuVvAnWsG8j8MHx9Anm+dg7awJmTRM/VMz2BS8P7XebF:XQ7Tp/2i8Rcqzbj8MRimwMgR1wS8P7Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54e43d0119db59aa49389b1bb33632c2_JaffaCakes118

Files

54e43d0119db59aa49389b1bb33632c2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9850b7ed15a81a2d8ea29b87487d0b1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dpebj.pdb

Imports

advapi32

LsaNtStatusToWinError
NotifyBootConfigStatus
RegCloseKey
RegDeleteKeyW
RegEnumValueW
RegOpenCurrentUser
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW

oleaut32

SafeArrayGetLBound
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayUnlock
SysAllocStringLen
SysFreeString
SysStringLen
VarCyMul
VariantChangeType
VariantClear
VariantInit
SafeArrayCreate

shlwapi

PathFindFileNameW

rpcrt4

RpcServerUseProtseqEpW
NdrServerCall2
RpcAsyncRegisterInfo
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerRegisterIfEx
RpcServerUnregisterIf

shell32

SHCreateDirectoryExW
SHFreeNameMappings
SHGetDesktopFolder
SHAddToRecentDocs

kernel32

_llseek
WriteFileEx
WriteFile
WriteConsoleW
WriteConsoleA
WideCharToMultiByte
WaitForSingleObject
VirtualProtect
VirtualFree
VirtualAlloc
UnmapViewOfFile
UnhandledExceptionFilter
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
SystemTimeToTzSpecificLocalTime
Sleep
SizeofResource
SignalObjectAndWait
SetStdHandle
SetProcessShutdownParameters
SetFilePointer
SetCurrentDirectoryW
RtlUnwind
ResumeThread
ResetEvent
CloseHandle
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateThread
DeleteFileW
DeviceIoControl
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindNextFileW
FlushConsoleInputBuffer
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommState
GetCommandLineA
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetEnvironmentStringsA
GetExitCodeThread
GetFileAttributesW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
GlobalHandle
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedExchange
IsDebuggerPresent
IsValidLocale
LCMapStringA
LeaveCriticalSection
LocalFree
MapViewOfFile
Module32FirstW
MoveFileW
OpenProcess
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
RemoveDirectoryW

ole32

CoInitialize
CoCreateInstance
CoInitializeEx

user32

GetMessageW
PostQuitMessage
SetTimer

setupapi

SetupUninstallOEMInfW
SetupDiEnumDeviceInfo
SetupDiEnumDriverInfoW
SetupDiGetClassDevsW
SetupDiGetDeviceInstallParamsW
SetupGetStringFieldW
SetupGetFieldCount
SetupDiSetDeviceInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiOpenClassRegKey
SetupDiGetSelectedDriverW
CM_Add_Empty_Log_Conf_Ex
CM_Free_Log_Conf_Ex
CM_Get_DevNode_Status
CM_Get_Device_IDW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiCreateDeviceInfoList
SetupDiDeleteDeviceInfo
SetupDiGetDeviceRegistryPropertyW

Exports

Exports

EndSession
FBuildTempPathW
PVDecodeObject
PVGetMsgParam
SetScissorRect

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 405B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9850b7ed15a81a2d8ea29b87487d0b1a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

oleaut32

shlwapi

rpcrt4

shell32

kernel32

ole32

user32

setupapi

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 19KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 405B

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 19KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 405B