39c8320a337f2ae3f3dae401893609bc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39c8320a337f2ae3f3dae401893609bc_JaffaCakes118
Size

104KB
MD5

39c8320a337f2ae3f3dae401893609bc
SHA1

fd8b7715e0eddd02fa5128a91ef5e3c95ddf74c9
SHA256

01e9668b41112cde6d4d89681b6474a373e3a0f5dbace63d7451bf93b8a509a5
SHA512

134ed4c190b495b5b5fb2e3a6140dca0414fa2c23a39b95679a8c05b230a40db2b3491b9a0dc3fa25d531550b9af487ed2cbd1e89dba6652d038256c7fdc3dab
SSDEEP

96:6tDbg/62EFNvTcm9mzQHrNXdty+ld+Jukdh4Y/k6JIjirD6uhDVKz:sg/0JTXEzQHrNXa+l8JfhV/313hQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39c8320a337f2ae3f3dae401893609bc_JaffaCakes118

Files

39c8320a337f2ae3f3dae401893609bc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e417afbb11c69b8ef2f5ee3eeb2b5587

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
ExitProcess
CreateFileW
ReadFile
FindNextFileW
LocalFree
CloseHandle
GetProcAddress
FindClose
lstrcmpiW
MultiByteToWideChar
FindFirstFileW
CopyFileW
MoveFileExW
SetFilePointer
GetFileAttributesW

user32

PostMessageW

gdi32

AddFontResourceW

advapi32

RegCloseKey
RegEnumValueW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ