Static task: static1

Behavioral task: behavioral1
Sample: 386473b24b29fc5e92559f3b7bed0739_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 386473b24b29fc5e92559f3b7bed0739_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 386473b24b29fc5e92559f3b7bed0739_JaffaCakes118
Size: 175KB
MD5: 386473b24b29fc5e92559f3b7bed0739
SHA1: d737b9bd7e5e5c1d2e404b8f3642e0fb0a195e7b
SHA256: 432019c55abb451de62984607f37d7c8d67d5354c4dc4a383cdb6a31fc884512
SHA512: c062cf1e52ac8e907ef816af87501714feb8e6f737609bde6727e960130c9325b4b6d41094237f459567379b5f9ab31da4a894a841b1c06165e124f5a05f7bcc
SSDEEP: 3072:a+AumLEDsoMaqqiIJRPxk2hoVvjHL5aKDJYnp2YVZYf6zHwFwv4OG:a+Au3soMkpOYahaKNYnpmfVwv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 386473b24b29fc5e92559f3b7bed0739_JaffaCakes118
Files
386473b24b29fc5e92559f3b7bed0739_JaffaCakes118.exe windows:4 windows x86 arch:x86
f2aea1f7f3c922153567929546dd9701
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
  VirtualQueryEx
  GetSystemTimeAsFileTime
  RaiseException
  MultiByteToWideChar
  EnumResourceNamesA
  lstrlenA
  CreateProcessA
  WideCharToMultiByte
  LocalAlloc
  GetCPInfoExA
  InterlockedExchange
ole32
  StringFromIID
  ProgIDFromCLSID
  CoTaskMemFree
  StringFromCLSID
shell32
  SHGetPathFromIDListA
  SHGetMalloc
  SHGetSpecialFolderLocation
oleacc
  LresultFromObject
  CreateStdAccessibleObject
advapi32
  RegCreateKeyExA
  RegOpenKeyA
  RegDeleteKeyA
  RegCloseKey
  RegEnumKeyExA
  RegQueryValueExA
  RegOpenKeyExA
  RegSetValueExA
Sections
.text Size: 104KB - Virtual size: 103KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 968B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 68KB - Virtual size: 67KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 120KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ