646abf38720c7301698c32bec62d84ce_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

646abf38720c7301698c32bec62d84ce_JaffaCakes118
Size

39KB
MD5

646abf38720c7301698c32bec62d84ce
SHA1

8070fdab5da16fa1e182e1889fb515b178a02aec
SHA256

97c55615c19319abb2ed8dbde25f54f8cf5acdfdbf4fe9757bad659ac396668d
SHA512

11027dc7227c2203d04356304b14d58d68ab163ce3a2e05c75e3072f13b1a69488a7311ac2459440ec561e58ca7a04538187a8c4d6aa7453064d85956f117ced
SSDEEP

768:RAt2PekI+FeQ0nmztqMy5sCzpYfI2lNuGLMIoR48iu94mr14Eux70eJ+Duj3Vt:ytUIUwBhz6RNgfaEa0+j3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
646abf38720c7301698c32bec62d84ce_JaffaCakes118

Files

646abf38720c7301698c32bec62d84ce_JaffaCakes118
.exe .js windows:4 windows x86 arch:x86 polyglot

fa5ecdfb87a18ce46473887895601655

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetCurrentProcess
Sleep
DeleteFileA
GetModuleFileNameA
GetEnvironmentVariableA
GetModuleHandleA
CreateProcessA
ExitProcess
lstrlenA
FindResourceA
LoadResource
LockResource
FreeResource
SizeofResource
CreateFileA
WriteFile
CloseHandle
WaitForSingleObject
GetStartupInfoA

shell32

SHCreateDirectoryExA

advapi32

LookupPrivilegeValueA
RegRestoreKeyA
RegOpenKeyExA
RegSaveKeyA
OpenProcessToken
AdjustTokenPrivileges
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegDeleteKeyA

msvcrt

sprintf
_access
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ