127149e20f4eeec23d2e241b38e9f267_JaffaCakes118

General

Target

127149e20f4eeec23d2e241b38e9f267_JaffaCakes118
Size

183KB
MD5

127149e20f4eeec23d2e241b38e9f267
SHA1

385aa158df747beebf31340975ef6f5a4eae7552
SHA256

8508f97c56d496beaa1990e1e0239219ce258a137ad87953208e48564a3d096f
SHA512

6692d1b4d0dfe8f81ff89c1c806ba156ab8ab6dbc9e70e428382d7686dc2eba153a73e6011cbe14e97b5f0d6adbd52d531c72e23fb66069812ff09516dfea432
SSDEEP

3072:VzdbH/3I6QUA8eIVPUOlHFy/PuMYX4EdS15H7UglSJntFq4oEQ+G4nHGylvdBspf:RdrA6Q5qKOlHFy0xdSHUC0niZENtnmyU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
127149e20f4eeec23d2e241b38e9f267_JaffaCakes118

Files

127149e20f4eeec23d2e241b38e9f267_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0c271ea2bcf1a4f3122054076cfa3e97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZCopy
LZClose
LZOpenFileA

advapi32

RegQueryValueExA
RegQueryValueA
RegEnumKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey

setupapi

CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

kernel32

InterlockedIncrement
GetFileAttributesA
WaitForSingleObject
WideCharToMultiByte
DeleteFileA
AddAtomW
GlobalFree
GetVolumeInformationA
GetVersionExA
lstrlenA
GetModuleFileNameA
InitializeCriticalSection
DeviceIoControl
GetLastError
CreateDirectoryA
CloseHandle
CreateMutexA
SetFileAttributesA
LocalFree
LocalAlloc
GetSystemTime
VirtualAlloc
QueryPerformanceCounter
EnumResourceNamesA
GetCurrentProcessId
GlobalLock
ReadFile
DeleteCriticalSection
CreateFileA
GetFileSize
ReleaseMutex
GetSystemTimeAsFileTime
GetModuleFileNameW
GetCurrentThreadId
InterlockedDecrement
GetTickCount
WriteFileGather
GlobalUnlock
VirtualFree
Sleep
CopyFileA
CreateFileW
GetTempPathA
SetFilePointer
MultiByteToWideChar
GetTempFileNameA
DisableThreadLibraryCalls
FreeLibrary

Sections

.text
Size: 94KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c271ea2bcf1a4f3122054076cfa3e97

Headers

File Characteristics

Imports

lz32

advapi32

setupapi

kernel32

Sections

.text Size: 94KB - Virtual size: 233KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 86KB - Virtual size: 85KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 94KB - Virtual size: 233KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 86KB - Virtual size: 85KB

.rsrc
Size: 512B - Virtual size: 4KB