848a8550b542e1a270903afe28a7074d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

848a8550b542e1a270903afe28a7074d_JaffaCakes118
Size

124KB
MD5

848a8550b542e1a270903afe28a7074d
SHA1

5efc52719d5f0843fff8d3c1a4a7ca8ccd70ce7d
SHA256

2e79e754c47cbdc790e9cc7d83ad0bc8d6582b07b70adf3705114d821cab5f63
SHA512

185dc7f1ce1f54e52919ba4e7a9fc12ffb2866efc48d99f4897c1b6285eb21f972c55ff36960fe9a127f21a6eb50127897a58ea285616ba61962e4573b950139
SSDEEP

3072:2XvF0vkJNbvo+P0ZVITvrQFlj/7YOwqD8Zq:2XvFskLvoNrIPSljE6f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
848a8550b542e1a270903afe28a7074d_JaffaCakes118

Files

848a8550b542e1a270903afe28a7074d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d728c9d3140d9c465f026e071737e913

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

comctl32

InitCommonControlsEx

shell32

ShellExecuteW

user32

EnumDisplaySettingsW

kernel32

UnhandledExceptionFilter
TerminateThread
GetSystemTimeAsFileTime
TerminateProcess
InterlockedCompareExchange
CreateIoCompletionPort
Sleep
QueryPerformanceCounter
EnumResourceNamesW
GetCurrentProcessId
IsDebuggerPresent
GetCurrentThreadId
GetTickCount
ExitProcess
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess

clusapi

CloseCluster

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ