24421c8348405c34334aa03768a2dd21_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24421c8348405c34334aa03768a2dd21_JaffaCakes118
Size

223KB
MD5

24421c8348405c34334aa03768a2dd21
SHA1

6d1997699d3733dae660a8c9765986461d233ad3
SHA256

824e3cde7e8ca3e002b608d25f04e2b61794cf682cffe08cf4ac4b0acb07226b
SHA512

8d93b3b0596983a520f831f3ff4ab72a70e14b3da5e5e69c4e4a30a466dd50d09d8bf2330acf14f8ff7b19a549accd0f0039ab742a2990bed7a3d2d530f50f8f
SSDEEP

3072:H1hSajcXpABQqZi8T3Glj7aybezTXCvTj9TBzQ33UqQ:HNAEDGN7ZmTCv9VEnU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24421c8348405c34334aa03768a2dd21_JaffaCakes118

Files

24421c8348405c34334aa03768a2dd21_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3f4be8ee18eba61a642d70a8bd125cc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
Sleep
TerminateProcess
UnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
InterlockedCompareExchange
InterlockedExchange
IsProcessorFeaturePresent
QueryPerformanceCounter
RtlUnwind

comdlg32

PrintDlgA

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hed
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ