JaffaCakes118_66e8c3a47bccc28520d2b90d47cca64c

General

Target

JaffaCakes118_66e8c3a47bccc28520d2b90d47cca64c
Size

280KB
MD5

66e8c3a47bccc28520d2b90d47cca64c
SHA1

ccc6d97ae47fd11bd18b1b29ed103550686cefa8
SHA256

111d69fa077a4e5fde4125a33e1672d274714ed0565587d5d2e149df5a5c68ec
SHA512

e3d0dc3f03e78e2f5a3f016a8da41221e7f69df0a677247424b5e5d8f7cf0c786e9d56ef28c085575fc6f20b73084930689a26d25a19717272c0a152bac01d78
SSDEEP

6144:WNLcGZ3WKCUJuqkw/xI/Qlzpb2tv0dQ0IaaMARuI7Mcj8:W5cGZGbUeR/QzxWRvP8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_66e8c3a47bccc28520d2b90d47cca64c

Files

JaffaCakes118_66e8c3a47bccc28520d2b90d47cca64c
.exe windows:4 windows x86 arch:x86

6d6426d090f7c1c9afdf5cc9e78a19a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DragLeave
ImageList_DragMove
ImageList_DragEnter

iphlpapi

GetIpAddrTable

kernel32

SetUnhandledExceptionFilter
LocalFree
FreeLibrary
GetVersionExW
LoadLibraryW
GetCurrentProcessId
InterlockedCompareExchange
GetLastError
GlobalAddAtomW
RtlUnwind
GetModuleHandleA
GetProcessHeap
ExpandEnvironmentStringsW
LoadLibraryExA
GetProcAddress
LoadLibraryExW
CopyFileW
lstrcmpW
HeapAlloc
GetStartupInfoA
GetFileType
GetSystemInfo
SetFileAttributesW
EnumResourceLanguagesW
GetCurrentDirectoryW
GetCurrentThreadId
FindClose
Sleep
FindNextFileW
GetTickCount
GetPrivateProfileSectionW
GetModuleHandleW
GetPrivateProfileIntW
QueryPerformanceCounter
CreateMutexW
ReleaseMutex
GetCurrentProcess
LoadModule
GetPrivateProfileStringW
FindFirstFileW
GetWindowsDirectoryA
CompareStringW
GetSystemDirectoryW
WritePrivateProfileStringW
HeapFree
lstrcmpiW
InterlockedExchange
WaitForSingleObject
lstrlenA
WritePrivateProfileSectionW

newdev

UpdateDriverForPlugAndPlayDevicesW

shlwapi

StrCmpNIA
StrStrA

setupapi

CM_Get_Sibling
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

shell32

SHGetFolderPathW

Sections

.text
Size: 143KB - Virtual size: 278KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d6426d090f7c1c9afdf5cc9e78a19a2

Headers

File Characteristics

Imports

comctl32

iphlpapi

kernel32

newdev

shlwapi

setupapi

shell32

Sections

.text Size: 143KB - Virtual size: 278KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 134KB - Virtual size: 133KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 143KB - Virtual size: 278KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 134KB - Virtual size: 133KB

.rsrc
Size: 512B - Virtual size: 4KB