f7243540ca65e2a43cf8f07a6c8cdac1_JaffaCakes118

General

Target

f7243540ca65e2a43cf8f07a6c8cdac1_JaffaCakes118
Size

173KB
MD5

f7243540ca65e2a43cf8f07a6c8cdac1
SHA1

928bfc116bb2d21ac61326df00ac2bff181ca1a5
SHA256

a9729c5dd9287d07c70ebd7d4b9af770d274bafe8855fa4304de28aa9d794375
SHA512

cac4b86554be0ca9b79e592357f755601922e1c5475dd6c51a910c7109faea965754168246285d1f42b9bbfe6e1a07d313e4cfd017d25fcec30a004a238f2a30
SSDEEP

3072:6MzMtpS4Ys+Zx9VuuFGYJvO7L7OIAoDF5BFQkDntMx7cepup:6lCx9Vl7JsXOIAw5PQkD+7cepup

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7243540ca65e2a43cf8f07a6c8cdac1_JaffaCakes118

Files

f7243540ca65e2a43cf8f07a6c8cdac1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f06573346c4c3d3aa2f003bbdcad0c6e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyExA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey

kernel32

ReleaseMutex
GlobalLock
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
CreateFileA
VirtualAlloc
InterlockedDecrement
AddAtomW
DeleteFileA
DisableThreadLibraryCalls
GetFileSize
InterlockedIncrement
CreateMutexA
GetModuleFileNameW
WaitForSingleObject
CopyFileA
DeviceIoControl
GetSystemTimeAsFileTime
VirtualFree
EnumResourceNamesA
MultiByteToWideChar
lstrlenA
QueryPerformanceCounter
LocalFree
GetTempPathA
DeleteCriticalSection
GetTickCount
SetFileAttributesA
Sleep
GetSystemTime
WideCharToMultiByte
InitializeCriticalSection
CreateHardLinkW
CreateDirectoryA
ReadFile
GetVolumeInformationA
GetTempFileNameA
GetLastError
CloseHandle
GetModuleFileNameA
GlobalUnlock
LocalAlloc
CreateFileW
GetVersionExA
GetFileAttributesA
GlobalFree
FreeLibrary

lz32

LZClose
LZCopy
LZOpenFileA

setupapi

CM_Get_Child
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

Sections

.text
Size: 93KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f06573346c4c3d3aa2f003bbdcad0c6e

Headers

File Characteristics

Imports

advapi32

kernel32

lz32

setupapi

Sections

.text Size: 93KB - Virtual size: 232KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 77KB - Virtual size: 76KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 93KB - Virtual size: 232KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 77KB - Virtual size: 76KB

.rsrc
Size: 512B - Virtual size: 4KB