Static task: static1
Behavioral task: behavioral1
Sample: 098d8ee3f4fc68f21d321d72e700c34e_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 098d8ee3f4fc68f21d321d72e700c34e_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 098d8ee3f4fc68f21d321d72e700c34e_JaffaCakes118
Size: 175KB
MD5: 098d8ee3f4fc68f21d321d72e700c34e
SHA1: a9c2f12f006d266bff8c2c3193b2595e06a2c8d3
SHA256: cb092cf9f1f3b69b8c2e9ae540149dd0da7d500f00ac6561ec503a2818349030
SHA512: 254ae8548535911b6aab783e11523bf629dd671f6a0548c2efb034f7bef8e42b632f6171ff409f78450767632aca0b3fbd6b8dc06000b4f905de25841bfa904d
SSDEEP: 3072:1rZx+rE+/YVHZYtSDDRWHITxF0syylssUoAcjFLHCh9i4ySJxZwS3M2K9:1+rEcYZ+QRWHID0+sajFk9Vrzg9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 098d8ee3f4fc68f21d321d72e700c34e_JaffaCakes118
Files
098d8ee3f4fc68f21d321d72e700c34e_JaffaCakes118.exe windows:4 windows x86 arch:x86
167a4f549df2e5832cd1860e2cc6fd1a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
  InitCommonControlsEx
kernel32
  InterlockedCompareExchange
  ReplaceFileW
  QueryPerformanceCounter
  GetStartupInfoW
  GetCurrentThreadId
  IsDebuggerPresent
  GetProcessId
  GetSystemTimeAsFileTime
  InterlockedExchange
  EnumResourceTypesA
  GetTickCount
  ExitProcess
  Sleep
  TerminateProcess
  GetCurrentProcessId
  UnhandledExceptionFilter
  SetUnhandledExceptionFilter
  GetCurrentProcess
user32
  EnumDisplaySettingsW
clusapi
  CloseCluster
shell32
  ShellExecuteW
advapi32
  RegOpenKeyExW
  RegSetValueExW
  RegCloseKey
  RegQueryValueExW
Sections
.text Size: 104KB - Virtual size: 103KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 1000B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 68KB - Virtual size: 68KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 116KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ