Static task: static1
Behavioral task: behavioral1
Sample: 21cc4bb7e06c86ade4acff47f4e6b9b2_JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 21cc4bb7e06c86ade4acff47f4e6b9b2_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 21cc4bb7e06c86ade4acff47f4e6b9b2_JaffaCakes118
Size: 169KB
MD5: 21cc4bb7e06c86ade4acff47f4e6b9b2
SHA1: 967f0cc7115a1d28b4e503fff8df44b9ea74c5ed
SHA256: 94fb7f093393f3ca420dbfcb6a86c70fc5ef64f6aa803dfa938fcde1626114d5
SHA512: ed039834ea9557bd0299d233a6ece883ae365c8dedf32c7209432845090f8d3f19da59c2b5004855061e501fcd08c5bf6c9aafaf620ddf17517a1f82939b33f0
SSDEEP: 3072:dLo25Dcf+KlE8TDa7o1r7HnIogkK7rywQNKQa14IJccUTjxwl:dL5Dc1XlIoA7rgK3+hnNw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 21cc4bb7e06c86ade4acff47f4e6b9b2_JaffaCakes118
Files
21cc4bb7e06c86ade4acff47f4e6b9b2_JaffaCakes118.exe windows:4 windows x86 arch:x86
6ead94559efbe321d89b25a39af852be
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteW
advapi32
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
user32
EnumDisplaySettingsW
clusapi
CloseCluster
comctl32
InitCommonControlsEx
kernel32
QueryPerformanceCounter
ReplaceFileW
TerminateProcess
IsDebuggerPresent
GetProcessId
GetCurrentProcessId
InterlockedExchange
GetTickCount
EnumResourceTypesA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitProcess
Sleep
InterlockedCompareExchange
GetCurrentThreadId
GetSystemTimeAsFileTime
GetStartupInfoW
GetCurrentProcess
Sections
.text Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ