4da87f6edeb5832d5cf537227948b2c7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4da87f6edeb5832d5cf537227948b2c7_JaffaCakes118
Size

176KB
MD5

4da87f6edeb5832d5cf537227948b2c7
SHA1

a6834200866b3f3cf17e79189a6d0428ad48798a
SHA256

b4eaa4949e187d0d1591a70d395b2fded3f6e22044edd81297d4493366f56d54
SHA512

006100381e5049688491e6d12841ad87326934bc8f4a3dc3fd70b0496ef607dbb4b7c11ff4990fde1c6e63405a9b036cfb1aaac4366986ce10d6ac15543dfa27
SSDEEP

3072:2y1Ta4T6ZVWyt+QewzwPpGwYD626XpgDgDfdv3Cyit1/SbAjIW2JUACBhy8Rhr:2yM4T6Lt+sw/p2qdv3CyitBSbSIZvCBl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4da87f6edeb5832d5cf537227948b2c7_JaffaCakes118

Files

4da87f6edeb5832d5cf537227948b2c7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

960d6e9300f85896161a7453e37d5dcc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQueryEx
MultiByteToWideChar
GetACP
GetSystemTimeAsFileTime
lstrlenA
GetLocaleInfoA
InterlockedExchange
GetEnvironmentVariableA
RaiseException
lstrlenW
IsDebuggerPresent
GetCurrentProcess
LocalAlloc
EnumResourceNamesW
SetUnhandledExceptionFilter
GetCPInfoExA
GetModuleHandleA
CreateProcessA
ExitProcess
UnhandledExceptionFilter
WideCharToMultiByte
GetThreadLocale

ole32

StringFromIID
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID

oleacc

LresultFromObject
CreateStdAccessibleObject

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

advapi32

RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
RegSetValueExA

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ