1b8ee9353d140bfa20de41093b20d63d_JaffaCakes118

General

Target

1b8ee9353d140bfa20de41093b20d63d_JaffaCakes118
Size

280KB
MD5

1b8ee9353d140bfa20de41093b20d63d
SHA1

ea242cdb69754879ba30a5cf1ab1b3c58e887c5f
SHA256

46c5eeba07240245629cb85e103c344c56a0678834de26770a22799b05625e12
SHA512

abc9309207b2a9d1af94d00cdf9e301373beb37057953671c9a94fe4532a62f95048c08a16624e2d0bd6107978fa3b47abb92f9e999194ee1ed8e93d30a6c46a
SSDEEP

6144:yFL8MlDdKs8yA7Gwu+eyAh0RdZx4Hu2GkdQm8bhL7tSGCt2jqb:yFAE8yMBu+DE2dZx+OkymUhve

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b8ee9353d140bfa20de41093b20d63d_JaffaCakes118

Files

1b8ee9353d140bfa20de41093b20d63d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2d23b16857ccd4f7971e1afad57ead27

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZClose
LZCopy
LZOpenFileA

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

kernel32

AddAtomW
GetCurrentThreadId
GetCommandLineA
CreateFileW
FileTimeToLocalFileTime
MoveFileExW
CreateProcessW
FileTimeToSystemTime
GetExitCodeProcess
UnmapViewOfFile
DeleteFileW
SetEvent
GetSystemDirectoryW
LocalAlloc
GetFileAttributesW
LoadLibraryExW
ResetEvent
EnumResourceNamesA
WaitForSingleObject
GetModuleHandleW
GetVersionExW
CreateWaitableTimerA
LocalFree
CreateFileMappingA
GetEnvironmentVariableW
GetSystemTime
WriteFileGather
CreateDirectoryW
WriteConsoleW
CloseHandle
SetFileAttributesW
CreateEventA
GetTempPathW
CopyFileW
MapViewOfFile
CreateThread
CreateFileA

advapi32

RegQueryValueA
RegQueryValueExA
RegEnumKeyA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey

Sections

.text
Size: 149KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d23b16857ccd4f7971e1afad57ead27

Headers

File Characteristics

Imports

lz32

setupapi

kernel32

advapi32

Sections

.text Size: 149KB - Virtual size: 277KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 128KB - Virtual size: 128KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 149KB - Virtual size: 277KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 128KB - Virtual size: 128KB

.rsrc
Size: 512B - Virtual size: 4KB