f42c64177f353cdc31744fdb7de45336_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f42c64177f353cdc31744fdb7de45336_JaffaCakes118
Size

176KB
MD5

f42c64177f353cdc31744fdb7de45336
SHA1

244485ecaa965d0c0c38d66b7767d3f63de740eb
SHA256

5cbaaa47be283b88c8e6fffdc367c059f13f1167416579d3397a36511f901ab0
SHA512

65a0b19aed7dd0cf9e69cd913a218dbfecab0690af3d86960473e127f080ea9ee1814fe48b27ac79f66e0ecc25c24ba8b1cdba6c617886903411522d6e35e44b
SSDEEP

3072:Ynsotl3zgmxYuihMEBrIucCiRK6Pv/weeFMrrmnpq7OlCorMrxjBkwRnU2yh9CPi:UtlvyuihMAr5iRKqdeFMrrUgy/gRJRUN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f42c64177f353cdc31744fdb7de45336_JaffaCakes118

Files

f42c64177f353cdc31744fdb7de45336_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c42a95927842a521efc16ccdfd027c35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameW

ole32

IIDFromString
CoCreateInstance

kernel32

FindClose
LoadLibraryW
MultiByteToWideChar
LocalFree
SetProcessWorkingSetSize
GetExitCodeThread
lstrcmpA
LoadLibraryExW
lstrlenW
CreateProcessW
lstrcmpiW
FindFirstFileA
EnumResourceNamesW
WideCharToMultiByte
InterlockedCompareExchange
lstrcmpiA
GetTempPathA
CreateDirectoryExA
DeleteFileA
LocalAlloc
RemoveDirectoryA
Heap32ListNext
lstrlenA
CreateEventW
CopyFileW
HeapSetInformation
SetFileAttributesA
GetFileAttributesA
FindNextFileA
DeleteFileW

advapi32

RegSetValueExA
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegCreateKeyW
RegCreateKeyA
RegOpenKeyExW
RegOpenKeyExA
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ