44ad8b823ce6480059785466537893a3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44ad8b823ce6480059785466537893a3_JaffaCakes118
Size

64KB
MD5

44ad8b823ce6480059785466537893a3
SHA1

db94cbfe496bc1df0dae889a49f3a562a643584c
SHA256

10049b17143d13e18b7ccc565fb68f8c90366034cb5f26e682f3eb29231526ed
SHA512

a2c5c24b571725a45970dd6a66435419d950384862e2a645fb88c1feaae0a61911f1b49b88613be141c5f4dae24661404392618be370d6bf759535bf41952beb
SSDEEP

768:37T1PXOzvyZ+lljr+UuNC+kigvO1YfXxtjSR47EWUCKrc0LgUR4F:3FebyZMljOkvvOOtjSR4gWUCKYXUR4F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44ad8b823ce6480059785466537893a3_JaffaCakes118

Files

44ad8b823ce6480059785466537893a3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c299cfd57f3ea0b7c489611a18f0ea4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
GetEnvironmentVariableA
WinExec
GetSystemDirectoryA
GetVersion
CopyFileA
CreateFileA
MoveFileA
DeleteFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetFileTime
CloseHandle
WriteFile
SetFileTime
GetModuleFileNameA
GetStartupInfoA
GetModuleHandleA

advapi32

RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
_stricmp

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE