f5c668c37d78b8eb121f86d2d4377799_JaffaCakes118

General

Target

f5c668c37d78b8eb121f86d2d4377799_JaffaCakes118
Size

185KB
MD5

f5c668c37d78b8eb121f86d2d4377799
SHA1

219351d67eb08ba82d9d213bcc48a20e82b5186d
SHA256

65211d58fea09e903d37a3e166024065f9af0c9b6c4b895ecef82f533cbe6e5c
SHA512

4e887cf17b384dcd2a1f9c8a00018ff6dbe3b25f7ffce239c11cdd89d4fb53da280f4ffd372a822dfe52150be46cf08dfb75ae428c069509a35f802784b08d52
SSDEEP

3072:6Jt3jvjBABvtCnFr0lTbSOj0Zp29El/v2igbV0Yn5Yj3BirDOBqWRKKE19u68:6Jt7jOv9l/SFp22x25fuj39qcKl19P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5c668c37d78b8eb121f86d2d4377799_JaffaCakes118

Files

f5c668c37d78b8eb121f86d2d4377799_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6af58a3f3c6f7c7d7fea7ebb14f4ed5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StgCreateDocfile
StgOpenStorage

shell32

SHGetSpecialFolderPathA

kernel32

GetThreadLocale
GetACP
IsBadWritePtr
ExitProcess
GetShortPathNameA
GetLastError
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
lstrlenW
GetProcessWorkingSetSize
DeleteCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
CreateFileA
GetModuleHandleA
IsDebuggerPresent
UnhandledExceptionFilter
InitializeCriticalSection
GetTickCount
LocalFree
EnumResourceTypesA
InterlockedExchange
GetCurrentThreadId
CloseHandle
MultiByteToWideChar
GetFileAttributesA
GetLocaleInfoA
SetUnhandledExceptionFilter
FreeLibrary
WideCharToMultiByte
InterlockedDecrement
LoadLibraryA
EnterCriticalSection
InterlockedIncrement
lstrlenA
IsBadReadPtr
GetVersionExA

user32

wsprintfA
wsprintfW

advapi32

RegDeleteValueA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6af58a3f3c6f7c7d7fea7ebb14f4ed5b

Headers

File Characteristics

Imports

ole32

shell32

kernel32

user32

advapi32

setupapi

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 2KB - Virtual size: 1KB

.bss Size: 72KB - Virtual size: 71KB

.edata Size: 1024B - Virtual size: 240KB

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 2KB - Virtual size: 1KB

.bss
Size: 72KB - Virtual size: 71KB

.edata
Size: 1024B - Virtual size: 240KB