3b5897516c7ef76b5216f98c1ded648b_JaffaCakes118

General

Target

3b5897516c7ef76b5216f98c1ded648b_JaffaCakes118
Size

278KB
MD5

3b5897516c7ef76b5216f98c1ded648b
SHA1

d59c32a8e27ad60c6f0b02f28a5c0f6cac145d5f
SHA256

a93326b1cd5b0e462e68c437cd0739042076c957bb218c8ecf2de499230f958f
SHA512

689da7544f5a9004ae6b0f292d70efc868842bb2f41d3327cf80d21bb829e058d4532d82fd0dd242e4afc2439624710cbcf4a7a15a7b18b2d71286e9f543502d
SSDEEP

6144:ObP9Xgm4XyF2taiy5OBGkA/ua3gP59iFOj6qVG3igtQmfZyV:uFXgmDkal5PkA/ua3o5KONGSgP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b5897516c7ef76b5216f98c1ded648b_JaffaCakes118

Files

3b5897516c7ef76b5216f98c1ded648b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

02ab8cdd98db8a3a3b842c231ac134f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyA
RegCloseKey

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

kernel32

GetExitCodeProcess
CloseHandle
UnmapViewOfFile
CreateFileW
AddAtomW
GetCommandLineA
WriteConsoleW
LocalAlloc
WaitForSingleObject
CreateWaitableTimerA
GetSystemTime
GetCurrentThreadId
CreateEventA
SetFileAttributesW
LocalFree
GetFileAttributesW
CreateFileMappingA
CreateThread
CreateProcessW
CopyFileW
EnumResourceNamesA
FileTimeToLocalFileTime
GetVersionExW
WriteFileGather
SetEvent
DeleteFileW
GetEnvironmentVariableW
GetModuleHandleW
GetTempPathW
FileTimeToSystemTime
LoadLibraryExW
GetSystemDirectoryW
CreateDirectoryW
MoveFileExW
MapViewOfFile
ResetEvent
CreateFileA

lz32

LZClose
LZCopy
LZOpenFileA

Sections

.text
Size: 138KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02ab8cdd98db8a3a3b842c231ac134f4

Headers

File Characteristics

Imports

advapi32

setupapi

kernel32

lz32

Sections

.text Size: 138KB - Virtual size: 270KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 136KB - Virtual size: 136KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 138KB - Virtual size: 270KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 136KB - Virtual size: 136KB

.rsrc
Size: 512B - Virtual size: 4KB