e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118

General

Target

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118
Size

168KB
MD5

e3b819b82243a8eb75673a9bb77a2aaa
SHA1

b62167d96bdb6437ec3fec596d95f5c7ce91b731
SHA256

9d0eebe40aeedb7a33d6c93e1370a4b3a0d2c1ff7868b33f87672f4248f2d0c3
SHA512

c4f2b5e467205406a0a4fb35f346152ea11972a2ade8f793b47a4e07600775fc6e80804b384d08354ee4cccd14c8cf41d0f639e241beab8ae96006b490592372
SSDEEP

3072:3w0kxfJr+HMTthTtsOkmeD0wVoCin2c2mRO0edWnecPEH/dpQji+:ExV+sT6keD7obLFne+4H/8jN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118

Files

e3b819b82243a8eb75673a9bb77a2aaa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c042d4996251e934c838fbf195bd75c2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZCopy
LZClose
LZOpenFileA

kernel32

GetTempFileNameA
CreateFileA
QueryPerformanceCounter
LocalFree
GetFileAttributesA
GetModuleFileNameA
GetModuleFileNameW
GetVersionExA
AddAtomW
WideCharToMultiByte
InterlockedDecrement
DeviceIoControl
GetCurrentThreadId
GlobalFree
GetCurrentProcessId
ReadFile
WaitForSingleObject
GetTickCount
DeleteCriticalSection
CreateFileW
VirtualAlloc
GlobalUnlock
EnumResourceNamesA
GetTempPathA
CopyFileA
DeleteFileA
InitializeCriticalSection
SetFilePointer
GetSystemTimeAsFileTime
CloseHandle
VirtualFree
FindResourceA
CreateMutexA
GetFileSize
InterlockedIncrement
SetFileAttributesA
GetVolumeInformationA
GetSystemTime
DisableThreadLibraryCalls
lstrlenA
MultiByteToWideChar
GetLastError
GlobalLock
CreateDirectoryA
Sleep
LocalAlloc
ReleaseMutex
FreeLibrary

setupapi

CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

advapi32

RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyA
RegQueryValueA
RegEnumKeyExA
RegCloseKey

Sections

.text
Size: 92KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c042d4996251e934c838fbf195bd75c2

Headers

File Characteristics

Imports

lz32

kernel32

setupapi

advapi32

Sections

.text Size: 92KB - Virtual size: 487KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 73KB - Virtual size: 72KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 92KB - Virtual size: 487KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 73KB - Virtual size: 72KB

.rsrc
Size: 512B - Virtual size: 4KB