332c41a5e93e2db552bf793423359f5c_JaffaCakes118 | Triage

Sharing

General

Target

332c41a5e93e2db552bf793423359f5c_JaffaCakes118
Size

962KB
MD5

332c41a5e93e2db552bf793423359f5c
SHA1

d42d312b4d6d74833db36fd7e11fa5d9f3b8c020
SHA256

4112e45582843c4871e373499ba7bb0b13313be30b120d5475ab9f77cebce3bc
SHA512

b393ab111ce8a6b02f8249b616cf48df462171057e44d1a689fdfd74981b4f8eacb7bd7de910b3249aa20b2dafc52fc4dbac55cf1f9aca94eb5c199c3e5e7914
SSDEEP

24576:uWQGcP1UwgDno7K2ti8XYGOBY/dnn1AvozCtFoRVFGqz:XQEJoOBY/Nqxt2Rh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
332c41a5e93e2db552bf793423359f5c_JaffaCakes118

Files

332c41a5e93e2db552bf793423359f5c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fbe9f60f7920eb5dff4f6566effa4ca7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetLastError
GetCurrentThreadId
Sleep
SetEvent
GetModuleHandleA
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime
TerminateProcess
GetTickCount
OpenEventW
GetCurrentProcessId
SetUnhandledExceptionFilter
QueryPerformanceCounter
CloseHandle
UnhandledExceptionFilter

tapi32

lineClose
lineAccept

setupapi

SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo

advapi32

RegCloseKey
RegQueryValueExW

msvcrt

_controlfp
__setusermatherr
memset
__p__fmode
__p__commode
_vsnwprintf
exit
__set_app_type
_exit
_amsg_exit
__wgetmainargs
_XcptFilter
?terminate@@YAXXZ
_initterm
_cexit
_wcsicmp

Sections

.text
Size: 549KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 373KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ