62dd64518b1cfa006ecc12598cc9aff1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

62dd64518b1cfa006ecc12598cc9aff1_JaffaCakes118
Size

177KB
MD5

62dd64518b1cfa006ecc12598cc9aff1
SHA1

2677c4c56bf65ec63e6699e1cc45b248847b9c1f
SHA256

0078073fff32efde952684153e85c93a6abd2cc64e6e58729c4163f43890d96c
SHA512

2713ed679bc3c0cdf59281321d0d6abb87af4382d8ee04b5b39f2f67d18272c209d18daee120866840a729d7be0a4ea1cb6367c7eb261f10699d44e0a0606ba9
SSDEEP

3072:hBHAjHy0PHaQ3Z/DAJh0cNsi0yKvP13Kfz3Kdb2fgx4OMQ16994/uc0ppJf2SCPM:fHAjHye/sJyKZkH13c3K12e4OMQ16994

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62dd64518b1cfa006ecc12598cc9aff1_JaffaCakes118

Files

62dd64518b1cfa006ecc12598cc9aff1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4bb856f42da9e041abf7dccdd3a5cceb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegCreateKeyW
RegCreateKeyExW
RegDeleteValueW

kernel32

RemoveDirectoryA
lstrcmpA
VirtualQueryEx
GetExitCodeThread
lstrlenW
GetFileAttributesA
LoadLibraryExW
GetTempPathA
InterlockedCompareExchange
CopyFileW
LocalFree
lstrcmpiA
LoadLibraryW
EnumResourceNamesW
WideCharToMultiByte
CreateProcessW
FindNextFileA
Heap32ListNext
lstrlenA
HeapSetInformation
DeleteFileA
MultiByteToWideChar
CreateDirectoryExA
LocalAlloc
lstrcmpiW
FindFirstFileA
CreateEventW
SetFileAttributesA
FindClose
DeleteFileW

psapi

GetModuleBaseNameW

ole32

IIDFromString
CoCreateInstance

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ