JaffaCakes118_5dc07529222fbbaa09b22ca5686992d9

General

Target

JaffaCakes118_5dc07529222fbbaa09b22ca5686992d9
Size

167KB
MD5

5dc07529222fbbaa09b22ca5686992d9
SHA1

55f444cc846d3dec13606b5efd75684127388e52
SHA256

3e00a59f3c489f8f0030f312edec6c7324158227b55c0ab23a37d3515e6eb861
SHA512

5fb6f6497c06fa45f17cf4dcff392d0986798b721a86c298668b32aceebe3eccbb09f3da83a038eeaae38862ed4605d1d56ff62d38890139aee1c14f7d2e1f9e
SSDEEP

3072:WT3agtQ2WNRHFggFgpRvTGQXb85vjX95URu1lWtvfdAZlQXuW0H:WrWPRSp9XbCjX95URLvlAZlQXuW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5dc07529222fbbaa09b22ca5686992d9

Files

JaffaCakes118_5dc07529222fbbaa09b22ca5686992d9
.exe windows:4 windows x86 arch:x86

b653266b296f2ec3e01a42337018cd85

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomW
DeviceIoControl
GetCurrentThreadId
CreateDirectoryA
GlobalUnlock
SetFileAttributesA
GetVolumeInformationA
CreateFileA
GetTickCount
DeleteCriticalSection
CreateFileW
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTempFileNameA
GlobalLock
InterlockedIncrement
GetVersionExA
DeleteFileA
GetModuleFileNameA
GlobalFree
InterlockedDecrement
LocalFree
EnumResourceNamesA
lstrlenA
InitializeCriticalSection
GetModuleFileNameW
GetFileAttributesA
DisableThreadLibraryCalls
CloseHandle
FindResourceA
ReleaseMutex
CreateMutexA
LocalAlloc
GetTempPathA
GetFileSize
WaitForSingleObject
MultiByteToWideChar
VirtualFree
Sleep
VirtualAlloc
ReadFile
QueryPerformanceCounter
CopyFileA
GetSystemTime
GetLastError
WideCharToMultiByte
FreeLibrary

advapi32

RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegEnumKeyExA
RegQueryValueA
RegDeleteKeyA
RegCloseKey

setupapi

CM_Get_Child
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

lz32

LZCopy
LZClose
LZOpenFileA

Sections

.text
Size: 85KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b653266b296f2ec3e01a42337018cd85

Headers

File Characteristics

Imports

kernel32

advapi32

setupapi

lz32

Sections

.text Size: 85KB - Virtual size: 480KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 78KB - Virtual size: 78KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 85KB - Virtual size: 480KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 512B - Virtual size: 4KB