603e2f7189987a6d9831f7e0a1d060b0_JaffaCakes118 | Triage

Sharing

General

Target

603e2f7189987a6d9831f7e0a1d060b0_JaffaCakes118
Size

378KB
MD5

603e2f7189987a6d9831f7e0a1d060b0
SHA1

ded8b39b9e86ae558dcf961f9fbb4d4146c2fc0f
SHA256

8778235edeaf6fa4c607b34143b02462f52d7cadbd600d9011a9f584f63b027c
SHA512

d57352545f7019e34e7f29cec7630c44d67b929f582867e93fe7d19aeaeca31ec0e9db09f19b3f96818ec894e09010a86e845172d43828a9ffcd2e7a7b946c60
SSDEEP

6144:t0tfkibdRyGGhFoF4b9jxAulGVoJfVItVlxpYT8CcVfYV7AEI+clZlEEbHUcNxo:tKPfvqtxbGCJNI7uBcVfYV7ATlZlEMHv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
603e2f7189987a6d9831f7e0a1d060b0_JaffaCakes118

Files

603e2f7189987a6d9831f7e0a1d060b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f7dfc126c365b21877915eade98c9bde

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
TerminateProcess
RtlMoveMemory
GetModuleFileNameA
GetProcAddress
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
UnlockFileEx
GetSystemTimeAsFileTime
GetCurrentProcessId
HeapAlloc
SleepEx
GetCurrentThreadId
GetCurrentProcess
GetModuleHandleA
RemoveDirectoryA
LocalShrink
FileTimeToSystemTime
InterlockedExchange
RtlUnwind
AddAtomA
QueryPerformanceCounter
VirtualQuery
LoadLibraryA
LocalAlloc
EnumResourceNamesA
SetEnvironmentVariableW
RtlFillMemory
ExitProcess
GetTickCount

advapi32

CryptSetProviderW
LookupPrivilegeDisplayNameW
RegDeleteValueA
CryptVerifySignatureW
CryptSetProviderExW
RegRestoreKeyW
CryptSetProviderA
RegQueryValueA
LookupAccountSidA
RegOpenKeyExA
RegSetValueExW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ