JaffaCakes118_5e46b62547b1f4a6f95d01c0d855c3f0

General

Target

JaffaCakes118_5e46b62547b1f4a6f95d01c0d855c3f0
Size

169KB
MD5

5e46b62547b1f4a6f95d01c0d855c3f0
SHA1

e92d082a7e0b0fbcb4357e0fd38f4792f63e145c
SHA256

29edf5b543a28c460ca166208340e28dbc376faff2d51809df33ed7a7b2a57a1
SHA512

ff636b6cef996c47df578a4ab7a4e1193a82cb83bd702172c49b8cfec1dadfa211a901710e9177fb5cc2ce4625f3679e703e90780567556af250c1a63bceef83
SSDEEP

3072:dP7vOxemJVq3bs4nxd9I2vDwcfwuzFg5SE3qjygbqH/pOs2S4Y//WOwpbDFeOo:tro4j73NxQh39H/csBk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5e46b62547b1f4a6f95d01c0d855c3f0

Files

JaffaCakes118_5e46b62547b1f4a6f95d01c0d855c3f0
.exe windows:4 windows x86 arch:x86

ba2999af9813b23a61dd2f36dbdef408

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW

mprapi

MprConfigServerConnect
MprConfigServerDisconnect
MprConfigGetFriendlyName

user32

IsWindow
EnumChildWindows
DestroyWindow
CreateWindowExW
GetDlgItem
SendMessageA
GetWindowThreadProcessId

setupapi

CM_Get_Global_State
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

iphlpapi

GetIpAddrTable

kernel32

AddAtomA
SetHandleCount
GetSystemInfo
UnhandledExceptionFilter
GetOEMCP
HeapSize
TlsSetValue
InterlockedExchange
FreeEnvironmentStringsA
GetACP
VirtualAlloc
SetEndOfFile
GetVersionExA
WriteFile
GetCPInfo
GetEnvironmentStringsW
VirtualFree
TlsGetValue
EnumResourceNamesA
FreeEnvironmentStringsW
SetLastError
HeapCreate
VirtualQuery
GetStartupInfoA
QueryPerformanceCounter
GetLocaleInfoA
HeapDestroy
lstrcatA
IsBadWritePtr
GetCurrentProcess
GetStdHandle
TlsFree
GetFileType
TlsAlloc
GetSystemTimeAsFileTime
GetEnvironmentStrings
GetModuleFileNameA
TerminateProcess
GetCurrentProcessId
SetUnhandledExceptionFilter

newdev

UpdateDriverForPlugAndPlayDevicesW

Sections

.text
Size: 89KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba2999af9813b23a61dd2f36dbdef408

Headers

File Characteristics

Imports

shell32

mprapi

user32

setupapi

iphlpapi

kernel32

newdev

Sections

.text Size: 89KB - Virtual size: 484KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 77KB - Virtual size: 76KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 89KB - Virtual size: 484KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 77KB - Virtual size: 76KB

.rsrc
Size: 512B - Virtual size: 4KB