368348e2dd5cbaa1b3dc3cef1ff3076e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

368348e2dd5cbaa1b3dc3cef1ff3076e_JaffaCakes118
Size

194KB
MD5

368348e2dd5cbaa1b3dc3cef1ff3076e
SHA1

db904a790153452b1e04edc10bf03b30539c0a38
SHA256

3c1831b94874e16cb220b43bacd24aa5ca8f00dffc73bd4e70e91a9f1433ce41
SHA512

24dc8bf92fdb7544433f95db80de7342a2419c2513470807dbc2090c5e4fb474d2046f2de88bce2819937e29b86302f57ff6de6f3540c1fb1ed3ed2a79c28349
SSDEEP

3072:pBgIlCdIEjqKbIt463TGxyku2K+y/1p8x1TtAhB5ua6tCVQMuu7KH:pBgIANjJo3imtpG26zJu7K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
368348e2dd5cbaa1b3dc3cef1ff3076e_JaffaCakes118

Files

368348e2dd5cbaa1b3dc3cef1ff3076e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8181fc94f299e9018db338d796db4803

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetEnvironmentVariableA
GetSystemTimeAsFileTime
VirtualQueryEx
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
ExitProcess
lstrlenW
GetLocaleInfoA
LocalAlloc
IsDebuggerPresent
GetCurrentProcess
RaiseException
GetStartupInfoA
EnumResourceNamesW
GetACP
MultiByteToWideChar
Sleep
FindResourceExW
SetUnhandledExceptionFilter
WideCharToMultiByte
UnhandledExceptionFilter
lstrlenA
GetModuleHandleA
GetCurrentProcessId
InterlockedExchange
CreateProcessA
GetThreadLocale

advapi32

RegOpenKeyA
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

StringFromIID
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ