5ff78b7690f0148d30086deb30d913e8_JaffaCakes118

General

Target

5ff78b7690f0148d30086deb30d913e8_JaffaCakes118
Size

183KB
MD5

5ff78b7690f0148d30086deb30d913e8
SHA1

4dd0e31bc5f47d238d8eed8e0b601180322a3f48
SHA256

c6871b6fc6a8693e69dd50ded7995fcb7b7850df81952c5dd6fc7992555c659e
SHA512

826fe85a0674fc849e09f5792c0cc6b76ce485fcf5144c3f6ac13700376f172c85cca796030bc9e8f324ae93628fbd1c5939f8d5d898da4c549fb8c4b8b902a7
SSDEEP

3072:Lz0XqFvsI+R3S27Ih6kFesk3vQUvX75hNfDiDDaPcchQZNWLTnOInX605ztHXkr4:LwXqFSR3bMhiTfNXt/EWP5heWLTtnX6t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ff78b7690f0148d30086deb30d913e8_JaffaCakes118

Files

5ff78b7690f0148d30086deb30d913e8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b99f12bd13108edf6089e63dc9d0e838

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyExA
RegQueryValueA
RegCloseKey

kernel32

CopyFileA
GetCurrentThreadId
SetFilePointer
InterlockedIncrement
GetModuleFileNameW
GetLastError
GetModuleFileNameA
AddAtomW
DeleteCriticalSection
SetFileAttributesA
GlobalUnlock
InitializeCriticalSection
ReadFile
Sleep
CreateDirectoryA
GlobalFree
GetVolumeInformationA
GetTempFileNameA
DeviceIoControl
GetSystemTime
GlobalLock
CreateMutexA
InterlockedDecrement
VirtualFree
WideCharToMultiByte
DeleteFileA
VirtualAlloc
GetTickCount
EnumResourceNamesA
GetCurrentProcessId
WaitForSingleObject
CloseHandle
CreateHardLinkW
GetFileAttributesA
DisableThreadLibraryCalls
LocalAlloc
MultiByteToWideChar
GetTempPathA
GetSystemTimeAsFileTime
GetFileSize
GetVersionExA
CreateFileW
ReleaseMutex
CreateFileA
LocalFree
lstrlenA
QueryPerformanceCounter
FreeLibrary

lz32

LZClose
LZCopy
LZOpenFileA

setupapi

CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 95KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b99f12bd13108edf6089e63dc9d0e838

Headers

File Characteristics

Imports

advapi32

kernel32

lz32

setupapi

Sections

.text Size: 95KB - Virtual size: 235KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 84KB - Virtual size: 84KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 95KB - Virtual size: 235KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 84KB - Virtual size: 84KB

.rsrc
Size: 512B - Virtual size: 4KB