68218bbeefebc9ae1df37d27988b98be_JaffaCakes118 | Triage

Sharing

General

Target

68218bbeefebc9ae1df37d27988b98be_JaffaCakes118
Size

179KB
MD5

68218bbeefebc9ae1df37d27988b98be
SHA1

8e8cea39200dc0462d094c6a651cdeb415751ccf
SHA256

e57b80557d0a3867c6c58250eafef39412c5e0ad5cdafc18084497d55832f4f8
SHA512

69782592c2cc0193a1f1b63d0e02f736f98fee6169abafd19955f9bd2810923d503a46df5938e9108ff1f4c02663b85e2b6c3a7097272d1d715b6f8676c273f2
SSDEEP

3072:SnyIOV+y8cO6ntl8muGa/N7vQ3jZ6Prhl4nm+7jq7Hdpzdv2YSj/isUivKHX9G:SyII+NSuh/N7vQtQ4pOtkj/ismH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68218bbeefebc9ae1df37d27988b98be_JaffaCakes118

Files

68218bbeefebc9ae1df37d27988b98be_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b7dafb03dc28a8d13a3566f4def1d4d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA

setupapi

InstallCatalog
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

winmm

mciSendCommandA
sndPlaySoundA

kernel32

TerminateProcess
GetCurrentThreadId
RaiseException
GetAtomNameW
GetACP
GetModuleHandleW
GetCurrentProcessId
WideCharToMultiByte
GetLocaleInfoW
SetUnhandledExceptionFilter
IsDebuggerPresent
lstrlenA
EnumResourceNamesA
GetSystemTimeAsFileTime
LocalAlloc
InterlockedExchange
CreateProcessW
GetEnvironmentVariableW
QueryMemoryResourceNotification
GetTickCount
InterlockedCompareExchange
MultiByteToWideChar
QueryPerformanceCounter
Sleep
lstrlenW
GetStartupInfoW
GetCurrentProcess
UnhandledExceptionFilter
GetThreadLocale

oleacc

LresultFromObject
CreateStdAccessibleObject

shlwapi

PathAddBackslashA

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ