775846af8fe20d91eda45c1ca6111d62_JaffaCakes118

General

Target

775846af8fe20d91eda45c1ca6111d62_JaffaCakes118
Size

184KB
MD5

775846af8fe20d91eda45c1ca6111d62
SHA1

c574126645d80b6bd5751b75c193d45f69148657
SHA256

b20b82bf7cf986bb0af40b0f798665f798ccaacfa7209a65aa4ae4f3333e62b6
SHA512

da25f6e802953f73f94d7482ca6528e5604e0dccaa89013a6af11c5abfaeefdf5a39b4e3a6447c747d5c8d97d170b616044da7abafc1a1839cf396e6ace7de4d
SSDEEP

3072:E70z3aT8GjpMtBTQx4Mv3qNUhO0kZjqSD9nx++vBt5RI5T25W:Ewedp1v3WuOzZ+OBxX5mQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
775846af8fe20d91eda45c1ca6111d62_JaffaCakes118

Files

775846af8fe20d91eda45c1ca6111d62_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fe66dc62eda704a6ad4102402e2b233b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetSpecialFolderPathA

user32

wsprintfA
wsprintfW

kernel32

GetCurrentProcessId
SetUnhandledExceptionFilter
lstrlenA
DeleteCriticalSection
GetShortPathNameA
InterlockedExchange
IsDebuggerPresent
EnterCriticalSection
CreateFileA
GetACP
InterlockedDecrement
GetThreadLocale
IsBadReadPtr
GetProcessWorkingSetSize
GetCurrentThreadId
GetProcAddress
ExitProcess
UnhandledExceptionFilter
IsBadWritePtr
GetSystemTimeAsFileTime
EnumResourceTypesA
GetLastError
GetLocaleInfoA
QueryPerformanceCounter
lstrlenW
LoadLibraryA
CloseHandle
LeaveCriticalSection
GetTickCount
GetFileAttributesA
InterlockedIncrement
LocalFree
GetModuleHandleA
FreeLibrary
WideCharToMultiByte
InitializeCriticalSection
MultiByteToWideChar
GetVersionExA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegSetValueExA

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA

ole32

StgCreateDocfile
StgOpenStorage

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe66dc62eda704a6ad4102402e2b233b

Headers

File Characteristics

Imports

shell32

user32

kernel32

advapi32

setupapi

ole32

Sections

.text Size: 104KB - Virtual size: 104KB

.rdata Size: 2KB - Virtual size: 1KB

.bss Size: 75KB - Virtual size: 75KB

.edata Size: 1024B - Virtual size: 240KB

.text
Size: 104KB - Virtual size: 104KB

.rdata
Size: 2KB - Virtual size: 1KB

.bss
Size: 75KB - Virtual size: 75KB

.edata
Size: 1024B - Virtual size: 240KB