6527f1ddc00c6863a7689a9eae369cbb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6527f1ddc00c6863a7689a9eae369cbb_JaffaCakes118
Size

1.2MB
MD5

6527f1ddc00c6863a7689a9eae369cbb
SHA1

4cc07852b3f37cc0cf5b1ce6f4e3b72d2021edf5
SHA256

3fb260c73f7208c09d26061a8c0dc0168a46e692904f7325d387bfd428c999ce
SHA512

8c9130075ecae9caf646651c894d0b9cde486245a14b898fd7f74b29ebe863133e1edb0cd4525cfe2f863040d218b7bbcf686e0519df3f999dd333962b356dde
SSDEEP

3072:/aqWPWCzre8E3bL0hPUmVcVThVCVYMvPpOIHNkYoCUKo2qjm6:/aqWPWCzreWUmpvNkbCzVqC6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6527f1ddc00c6863a7689a9eae369cbb_JaffaCakes118

Files

6527f1ddc00c6863a7689a9eae369cbb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a9e4b0e9dc5977d63dd114671c769094

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

FindClose
FindFirstFileA
FindNextFileA
GetPrivateProfileIntA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetVolumeInformationA
GetWindowsDirectoryA
LocalAlloc
ExitProcess
ReadFile
CreateFileA
Sleep
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
CloseHandle
LocalFree
SetFilePointer

advapi32

RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegCreateKeyA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 890B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE