JaffaCakes118_442059cac43d01d07ade2b406cb4b479

General

Target

JaffaCakes118_442059cac43d01d07ade2b406cb4b479
Size

177KB
MD5

442059cac43d01d07ade2b406cb4b479
SHA1

a745ebfa7e26de31017e9df35f8041f36f960244
SHA256

9a5408f93ab95b1323b4717fc9aa491f0cb8eea6c35651bd6205e55a646107c1
SHA512

d886e63778f85ec536848fd79f6005a1686a81beadf1d61c4e1a61e80dcd0ce109bb2d7fbd61ed84c778c30bf397bb6b0c494dfde8b321249966281c90978365
SSDEEP

3072:ZEfjF3/el3EEDWobFxQpseuIBU/p8ZtfeG47RMIELEzJ4D3TPOlHDRu3:CfR3YpxWsebBi8X2H76ZkuDjmdg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_442059cac43d01d07ade2b406cb4b479

Files

JaffaCakes118_442059cac43d01d07ade2b406cb4b479
.exe windows:4 windows x86 arch:x86

8db116d174549ab72d9893d86ef254a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZClose
LZCopy
LZOpenFileA

setupapi

CM_Get_Child
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

kernel32

VirtualAlloc
GetTickCount
VirtualFree
CreateDirectoryA
GetModuleFileNameA
CreateMutexA
GlobalLock
AddAtomW
GetFileSize
GetTempPathA
ReadFile
GetSystemTime
MultiByteToWideChar
SetFileAttributesA
GetVolumeInformationA
LocalFree
ReleaseMutex
Sleep
CopyFileA
DisableThreadLibraryCalls
QueryPerformanceCounter
EnumResourceNamesA
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
SetFilePointer
GetCurrentThreadId
DeleteCriticalSection
GetFileAttributesA
CreateFileA
GlobalUnlock
GetModuleFileNameW
WaitForSingleObject
WriteFileGather
GetSystemTimeAsFileTime
GetTempFileNameA
lstrlenA
DeviceIoControl
GetCurrentProcessId
GlobalFree
GetLastError
WideCharToMultiByte
CreateFileW
GetVersionExA
LocalAlloc
CloseHandle
DeleteFileA
FreeLibrary

advapi32

RegDeleteKeyA
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyExA
RegQueryValueExA
RegEnumKeyA
RegCloseKey

Sections

.text
Size: 93KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8db116d174549ab72d9893d86ef254a4

Headers

File Characteristics

Imports

lz32

setupapi

kernel32

advapi32

Sections

.text Size: 93KB - Virtual size: 232KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 77KB - Virtual size: 77KB

.rsrc Size: 4KB - Virtual size: 72KB

.text
Size: 93KB - Virtual size: 232KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 77KB - Virtual size: 77KB

.rsrc
Size: 4KB - Virtual size: 72KB