74b389f57a068e4b64a49f0f7b6e9372_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

74b389f57a068e4b64a49f0f7b6e9372_JaffaCakes118
Size

35KB
MD5

74b389f57a068e4b64a49f0f7b6e9372
SHA1

0a69eacd5eeb9a88a6ea1fce640df0f8806b34f2
SHA256

0c50242f7361158f8e69995d7396764b788b237fc80f27735c2f3c37d529142a
SHA512

362b46f5ff5a797931a15e967a350c498771d2b7fd734a2db2548bb915c1e070bdf9a22e5b94ae43b97637c63dd03f38a3aaaf26b18ebe421cd1da8201801c13
SSDEEP

768:TM0I1fP4WhNzSO1sVz07uuX1pyJmPkervBgr+BPG:TM9lP4WhdSO1sdyX1psmrpnG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74b389f57a068e4b64a49f0f7b6e9372_JaffaCakes118

Files

74b389f57a068e4b64a49f0f7b6e9372_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6b5d6a25231ead49b2f22b30da98ed18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetModuleFileNameA
GetProcAddress
GetSystemDefaultLCID
GetVersion
LoadLibraryA
GetFileTime
SetFileTime
VirtualAlloc
VirtualFree
WriteFile
lstrcatA
ExitProcess
CreateFileA
CreateDirectoryA
MoveFileExA
CloseHandle

user32

EnumChildWindows

advapi32

RegDeleteValueA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

shell32

SHGetFolderPathA

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE