09ef83c488d74fcdee22ff21ce43cbf8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09ef83c488d74fcdee22ff21ce43cbf8_JaffaCakes118
Size

64KB
MD5

09ef83c488d74fcdee22ff21ce43cbf8
SHA1

befddf44fe62e019955b253d3df38338cff621cb
SHA256

9039a668d7bb861a319c105ed6bb3d0fd21cc8ef3b234e99b90b359a951a7dd4
SHA512

4ab95c93d5b6ae972c247599bfbf77514ad1e3a7f8e1b355f34ffd77367cc02e74b544a54ad749ebc494835ad5bf08a82b5cfc2565131a56e57c393ef85b07a5
SSDEEP

1536:pS0iqXsh4+TLhOYgvyY0wxNkMJQp1kfKC1yo0EbzF:pyq1+VD5iDfK40E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09ef83c488d74fcdee22ff21ce43cbf8_JaffaCakes118

Files

09ef83c488d74fcdee22ff21ce43cbf8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dd78dda2e4c9a6313d305a9db7570087

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleHandleA
DeleteFileA
CreateProcessA
lstrcpyA
WriteFile
GetTempPathA
GetEnvironmentVariableA
LoadLibraryA
CreateFileA
FindResourceA
WaitForSingleObject
LockResource
GetProcAddress
CloseHandle
GetVersionExA
SizeofResource
LoadResource
CreateDirectoryA

setupapi

SetupIterateCabinetA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

user32

wsprintfA
MessageBoxA

Sections

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ