1b778c089fa53d3286abfefb2036961f_JaffaCakes118

General

Target

1b778c089fa53d3286abfefb2036961f_JaffaCakes118
Size

173KB
MD5

1b778c089fa53d3286abfefb2036961f
SHA1

b0f6dd68884c1e867730e843b0b981131fa1db3e
SHA256

462681fda46da76ae6ea010a5a31a7168f99721edf8bb7b44ae743965e204093
SHA512

b05db1259a15d221e6500755132e7d6352ee61adc4a5b04e75f13f33fccda3750957fb03cc94fb4157d3bc80f3db9965d6529f3baa1e2fff070fe496e4f46a30
SSDEEP

3072:MlNiwhvnl50CiDcHXaE3I94MbwtgZIuSOETM7QCQnI53shrtoFdwynoTHaVo:GwwhvwCvqKI9lblXEcQ258hra5oT1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b778c089fa53d3286abfefb2036961f_JaffaCakes118

Files

1b778c089fa53d3286abfefb2036961f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

31722b149617dd435e68b1cff1f0c191

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZCopy
LZClose
LZOpenFileA

kernel32

ReleaseMutex
GetCurrentProcessId
GetFileAttributesA
Sleep
AddAtomW
GlobalUnlock
GetTempPathA
GetSystemTimeAsFileTime
GetVolumeInformationA
VirtualFree
CreateMutexA
LocalAlloc
CloseHandle
GetModuleFileNameW
CreateFileW
CreateDirectoryA
QueryPerformanceCounter
SetFilePointer
ReadFile
DeleteFileA
CopyFileA
GetCurrentThreadId
MultiByteToWideChar
InterlockedIncrement
EnumResourceNamesA
DeviceIoControl
LocalFree
GlobalLock
GetModuleFileNameA
lstrlenA
GetLastError
CheckNameLegalDOS8Dot3W
InitializeCriticalSection
GlobalFree
DisableThreadLibraryCalls
WaitForSingleObject
GetSystemTime
GetTempFileNameA
GetFileSize
CreateFileA
InterlockedDecrement
GetVersionExA
WideCharToMultiByte
VirtualAlloc
DeleteCriticalSection
SetFileAttributesA
GetTickCount
FreeLibrary

advapi32

RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegQueryValueA
RegEnumKeyExA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey

setupapi

CM_Get_Child
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

Sections

.text
Size: 87KB - Virtual size: 483KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

31722b149617dd435e68b1cff1f0c191

Headers

File Characteristics

Imports

lz32

kernel32

advapi32

setupapi

Sections

.text Size: 87KB - Virtual size: 483KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 78KB - Virtual size: 78KB

.rsrc Size: 4KB - Virtual size: 32KB

.text
Size: 87KB - Virtual size: 483KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 4KB - Virtual size: 32KB