04d76388aa01c23e1bf3f07cf42aa118_JaffaCakes118

General

Target

04d76388aa01c23e1bf3f07cf42aa118_JaffaCakes118
Size

234KB
MD5

04d76388aa01c23e1bf3f07cf42aa118
SHA1

166a72b266bf9177bb82323a5f36b24c76dccd54
SHA256

e2f4556eb327ce612aec202d2ce0aefbf63980a5b70fe25975b06b046ade0b30
SHA512

8f05c7fec63ddcb13b333a1e47f5bc670ee14174c6a3644b8687437a0c1dc0b69f5415159670cca626d05cab895724ade28f548793adb80287957447bf95e915
SSDEEP

6144:10SsR2GbdD6rMJpDUjhssfBg5GMGg1dKU49k:gR2GRuQJosJ54gE9k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04d76388aa01c23e1bf3f07cf42aa118_JaffaCakes118

Files

04d76388aa01c23e1bf3f07cf42aa118_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2702f063490314ae146e230e08052c7b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegCreateKeyA
RegQueryValueExA

kernel32

VirtualFree
DeleteFileA
GetCurrentThread
lstrcpyA
GetVersionExA
GetCurrentThreadId
GetOEMCP
ExitThread
FormatMessageA
WaitForSingleObject
HeapFree
LockResource
GetACP
GetCommandLineA
LoadLibraryExA
VirtualAllocEx

shlwapi

PathIsContentTypeA
SHSetValueA
PathFileExistsA
SHDeleteKeyA
SHQueryValueExA
PathGetCharTypeA
SHEnumValueA

ole32

CoRegisterClassObject
CLSIDFromString
CoRevokeClassObject
StgOpenStorage
CreateOleAdviseHolder

comdlg32

GetOpenFileNameA
FindTextA

shell32

SHGetFolderPathA
SHGetDiskFreeSpaceA
SHFileOperationA

msvcrt

memset
wcsncmp
clock
mbstowcs
tolower
wcschr
memcpy
malloc
swprintf
sqrt
wcstol

Sections

.idata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 533B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.init
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2702f063490314ae146e230e08052c7b

Headers

File Characteristics

Imports

advapi32

kernel32

shlwapi

ole32

comdlg32

shell32

msvcrt

Sections

.idata Size: 21KB - Virtual size: 21KB

.bss Size: 206KB - Virtual size: 206KB

BSS Size: 2KB - Virtual size: 1KB

.edata Size: 1024B - Virtual size: 533B

.init Size: 2KB - Virtual size: 1KB

.idata
Size: 21KB - Virtual size: 21KB

.bss
Size: 206KB - Virtual size: 206KB

BSS
Size: 2KB - Virtual size: 1KB

.edata
Size: 1024B - Virtual size: 533B

.init
Size: 2KB - Virtual size: 1KB