163cbebd94be136fa496b58bc8ce5537_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

163cbebd94be136fa496b58bc8ce5537_JaffaCakes118
Size

176KB
MD5

163cbebd94be136fa496b58bc8ce5537
SHA1

86e26096d1e9ed99e75c72a653edbc9623b9847c
SHA256

175d6c5b92a7dab3d92c76453e886e60a8565e15220d8014fd10af6715895272
SHA512

4dc2d0e06e2848e4ef78d61d087ccf711a00c24434ac0e319acf4bea978306695dfed60c181d396ae9d9c81548d3c2bb49f6fba3ba46930f564a6556f4aae022
SSDEEP

3072:nQV7AB3seXhLgyBsxt8T1feESEKEdzE0AhA7XLJ7QsgbiZCLp3e7n5k8gF:QCB3sedgyuxt4xeESEtE0GgFqiZKpSuN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
163cbebd94be136fa496b58bc8ce5537_JaffaCakes118

Files

163cbebd94be136fa496b58bc8ce5537_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99dcbfb35c0960e38a4248fd83324f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

CloseCluster

advapi32

RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

user32

EnumDisplaySettingsW

comctl32

InitCommonControlsEx

kernel32

ReplaceFileW
InterlockedCompareExchange
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetProcessId
Sleep
GetCurrentThreadId
QueryPerformanceCounter
EnumResourceTypesA
GetCurrentProcessId
IsDebuggerPresent
GetStartupInfoW
ExitProcess
InterlockedExchange
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess

shell32

ShellExecuteW

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ