427492f44a0133203ea1407f194827c5_JaffaCakes118 | Triage

Sharing

General

Target

427492f44a0133203ea1407f194827c5_JaffaCakes118
Size

6.0MB
MD5

427492f44a0133203ea1407f194827c5
SHA1

aa994d91452d27f731a3fdff2f69f87235e51f69
SHA256

9924d2587fe2846833f43e1d4131761bba20cf23cfc9c5a416dfb76f665ab77b
SHA512

4a7da2c05a886174e26db0809c78bcb2aaa4648d54df111b0d5859d563194e76163bf6a247465afdd53e1451eabcb3d3e6ee2021963c4ed9e4143700e108dbc2
SSDEEP

98304:51dcWVBfBfxi8kckNpR0Gb3aWx0Gej85fBsx842+Ti//NraUfCgH2bZpA:RcmdxiRckqAj0P85Sx842Nrai7MZpA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
427492f44a0133203ea1407f194827c5_JaffaCakes118

Files

427492f44a0133203ea1407f194827c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a52150260066d3d1529c887a65617b97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
WriteFile
LockResource
LoadResource
FindResourceA
CloseHandle
SizeofResource
WaitForSingleObject
lstrlenA
DeleteFileA
lstrcatA
lstrcpyA
GetModuleHandleA
GetCommandLineA
FreeResource
CreateProcessA
GetTempFileNameA
GetTempPathA
lstrcmpiA

user32

LoadStringA
MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 4KB - Virtual size: 897B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ