JaffaCakes118_4efa709f2987602b87419e5dfb0c1a35

General

Target

JaffaCakes118_4efa709f2987602b87419e5dfb0c1a35
Size

168KB
MD5

4efa709f2987602b87419e5dfb0c1a35
SHA1

083b1343f903de82499d86c2c81df140fb15d4b8
SHA256

2d6a940bd55c9ac94d31445e4435fa1251a4cbc7f9e3fb939e8defd94ca8b520
SHA512

726bd55689491b969572984e67836053c8ed57cea668af98bf79d6bd82367a86949214ceec84f849e711f9af2ae5897d74f7229b7bc1a9b1c3b4dc24c0d21fad
SSDEEP

3072:MOTMST/zZDAZorA6jsOurDnV9ohNG8DOsEEbMxl4+LwWWRyILM:nTPDD96DnV96NWsEEQI+c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4efa709f2987602b87419e5dfb0c1a35

Files

JaffaCakes118_4efa709f2987602b87419e5dfb0c1a35
.exe windows:4 windows x86 arch:x86

cc0682ea2f00c23e53af5806c28b7816

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
lstrlenA
AddAtomW
WaitForSingleObject
InterlockedDecrement
CopyFileA
GetSystemTime
GetModuleFileNameW
Sleep
GlobalUnlock
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
CreateFileW
ReleaseMutex
DeleteFileA
GetVersionExA
GlobalLock
VirtualAlloc
InterlockedIncrement
GetSystemTimeAsFileTime
EnumResourceNamesA
GetTempFileNameA
GetModuleFileNameA
SetFileAttributesA
CreateMutexA
LocalFree
MultiByteToWideChar
DeviceIoControl
WriteFileGather
WideCharToMultiByte
GlobalFree
GetTempPathA
SetFilePointer
ReadFile
LocalAlloc
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
CreateDirectoryA
QueryPerformanceCounter
GetVolumeInformationA
CloseHandle
GetFileAttributesA
DisableThreadLibraryCalls
VirtualFree
FreeLibrary

lz32

LZCopy
LZClose
LZOpenFileA

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA
RegEnumKeyA
RegQueryValueA
RegQueryValueExA
RegCloseKey

setupapi

CM_Get_Child
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

Sections

.text
Size: 89KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc0682ea2f00c23e53af5806c28b7816

Headers

File Characteristics

Imports

kernel32

lz32

advapi32

setupapi

Sections

.text Size: 89KB - Virtual size: 485KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 75KB - Virtual size: 74KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 89KB - Virtual size: 485KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 75KB - Virtual size: 74KB

.rsrc
Size: 512B - Virtual size: 4KB