3c29b4e65d5fe1e1af6b4ad0c4ee7796_JaffaCakes118

General

Target

3c29b4e65d5fe1e1af6b4ad0c4ee7796_JaffaCakes118
Size

173KB
MD5

3c29b4e65d5fe1e1af6b4ad0c4ee7796
SHA1

693a644e9117d31c88f2b0263af01d1416cd430a
SHA256

3c330f6756b69843e6f50bb49d21718447fc08e5bec3cf518ea9b54ad149218d
SHA512

0d67e1f5d32f703429a28b7246f0f61769f7ea64538d0e2e0de43bb096165edae3f598f707d7a85c8d6f0f8883895bab11ce38f5f517a1166f18d3c9b0f9d3ed
SSDEEP

3072:SoU7lwmWy3SX2n0skRE1ccSeRv+78vTU+Nd9tLw+5namdByUA5EQSB:o+y3SXI0sicRuwT5XS8a2Imd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c29b4e65d5fe1e1af6b4ad0c4ee7796_JaffaCakes118

Files

3c29b4e65d5fe1e1af6b4ad0c4ee7796_JaffaCakes118
.exe windows:4 windows x86 arch:x86

11ad0c71fc87be6ae7a882d463141676

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
AddAtomW
CloseHandle
QueryPerformanceCounter
Sleep
InterlockedDecrement
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
GetVersionExA
DeleteFileA
GlobalUnlock
CreateDirectoryA
SetFilePointer
GetFileAttributesA
GetSystemTimeAsFileTime
GetVolumeInformationA
GlobalLock
InitializeCriticalSection
GetLastError
GetCurrentProcessId
GetCurrentThreadId
EnumResourceNamesA
LocalAlloc
GetFileSize
SetFileAttributesA
DisableThreadLibraryCalls
GetTickCount
lstrlenA
GetTempPathA
CreateFileA
VirtualFree
ReadFile
ReleaseMutex
CopyFileA
FindResourceA
DeleteCriticalSection
InterlockedIncrement
CreateMutexA
GetModuleFileNameW
WaitForSingleObject
GetModuleFileNameA
DeviceIoControl
VirtualAlloc
GetSystemTime
GetTempFileNameA
LocalFree
FreeLibrary

setupapi

CM_Get_Child
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

advapi32

RegQueryValueA
RegOpenKeyExA
RegEnumKeyExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

lz32

LZClose
LZCopy
LZOpenFileA

Sections

.text
Size: 90KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11ad0c71fc87be6ae7a882d463141676

Headers

File Characteristics

Imports

kernel32

setupapi

advapi32

lz32

Sections

.text Size: 90KB - Virtual size: 234KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 79KB - Virtual size: 78KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 90KB - Virtual size: 234KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 79KB - Virtual size: 78KB

.rsrc
Size: 512B - Virtual size: 4KB