400ab3411cc7d68fc679dd9cf7b3b238_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

400ab3411cc7d68fc679dd9cf7b3b238_JaffaCakes118
Size

177KB
MD5

400ab3411cc7d68fc679dd9cf7b3b238
SHA1

7370e037f753ced35f4953760dba371db431fe53
SHA256

2969d1e715e819ba961dc2436a56be61956918c4a2070ac121788c73d2a2bdac
SHA512

42746faa7506ff7ed93c8f10827a330f04023936d6b33fbe9772096f19ae4d4019a5ec28b21e3bab390850c36aefef5935f2cf674e8711806a409c6cc7a618a0
SSDEEP

3072:VRtAWQIY2ji8tFTRmejdo1C4buFjzYeXw/wf0rNAvcYMZxloH7nq1H/KYlCL/F0t:VRt9i8/dvjwBuFjEeXw/SOA0YwaqZ/J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
400ab3411cc7d68fc679dd9cf7b3b238_JaffaCakes118

Files

400ab3411cc7d68fc679dd9cf7b3b238_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1aeb41e760726e3dbda56bffe234a61f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameW

kernel32

SetProcessWorkingSetSize
lstrcmpiW
LoadLibraryW
LocalAlloc
FindNextFileA
HeapSetInformation
lstrlenW
SetFileAttributesA
lstrcmpiA
CreateDirectoryExA
lstrlenA
InterlockedCompareExchange
EnumResourceNamesW
LoadLibraryExW
GetExitCodeThread
GetTempPathA
DeleteFileA
LocalFree
CreateEventW
MultiByteToWideChar
CreateProcessW
Heap32ListNext
RemoveDirectoryA
GetFileAttributesA
FindClose
CopyFileW
FindFirstFileA
WideCharToMultiByte
lstrcmpA
DeleteFileW

advapi32

RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyExW
RegCreateKeyA
RegCreateKeyW
RegDeleteKeyW
RegSetValueExA
RegCloseKey
RegEnumValueW
RegOpenKeyExA
RegDeleteValueW

ole32

IIDFromString
CoCreateInstance

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ