03e8e7695a7eca8b7b4404b599844c33_JaffaCakes118 | Triage

Sharing

General

Target

03e8e7695a7eca8b7b4404b599844c33_JaffaCakes118
Size

27KB
MD5

03e8e7695a7eca8b7b4404b599844c33
SHA1

bbcac36ff4c98903a50dbff33a35981acb6da70f
SHA256

c569117ace007ac6afa839d88e35097a986fd8c4e37fd8da4f9358fdd3002f78
SHA512

d053a5aac9895c779672d0c12d88fb509f4f7a24f3fffc84f52bb1bcaf961d49efc7575844814c00f85a2dca3c9e56d3ef8b6f5c62a7b9825b2542538e7898f5
SSDEEP

384:XkTLZlml4WSGcTgfp3Z9+lP+ycWZWiZABhczDoZ:8cSGcTgB3Zk07WZWiZ8QDo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03e8e7695a7eca8b7b4404b599844c33_JaffaCakes118

Files

03e8e7695a7eca8b7b4404b599844c33_JaffaCakes118
.exe windows:4 windows x86 arch:x86

34bdc43108480d5a3a68910caa27ec37

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegEnumKeyA

user32

wsprintfA

kernel32

GetModuleFileNameA
GetEnvironmentStrings
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetLastError
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
RtlUnwind
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetProcAddress
LoadLibraryA
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetStringTypeW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WYCao
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ