Static task: static1

Behavioral task: behavioral1
Sample: 8600637b3c842c27de687c68f9c06a41_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 8600637b3c842c27de687c68f9c06a41_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 8600637b3c842c27de687c68f9c06a41_JaffaCakes118
Size: 176KB
MD5: 8600637b3c842c27de687c68f9c06a41
SHA1: eccc03fd92da1f719fcd26bf174d874738354510
SHA256: b3101c48ad7c55deeef05579d82c4dc7111ddbcd785fb2454b49a8411432e0ca
SHA512: 1526ee5b76eaf89e169a98a69fd0348adba5395a9dc9d221e3956041a8a82a9c22e0b5339816a64def61f387a3b50435b510d5f4645b6752edfd9360aa938196
SSDEEP: 3072:zESjB3okCVKXGlIopi9+raBqDew4bCJVqMN2BtT6Hp9nc2d8qGBoRDBZw7CHJIc:PjWRQXQpi96aCmcUB8H3ncsGBoRNK7Yh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8600637b3c842c27de687c68f9c06a41_JaffaCakes118
Files
8600637b3c842c27de687c68f9c06a41_JaffaCakes118.exe windows:4 windows x86 arch:x86
dfdefa06c9b3982998759ce901d2714f
Headers
  File Characteristics
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
Imports
  shlwapi
    PathFileExistsW
  advapi32
    RegQueryValueExA
    RegOpenKeyExA
    RegEnumKeyExA
    RegOpenKeyA
    RegCloseKey
    RegCreateKeyExA
    RegDeleteKeyA
    RegSetValueExA
  kernel32
    VirtualAllocEx
    RaiseException
    MultiByteToWideChar
    lstrlenA
    EnumResourceNamesW
    GetSystemTimeAsFileTime
    CreateProcessA
    WideCharToMultiByte
    LocalAlloc
    OpenWaitableTimerW
    InterlockedExchange
  rpcrt4
    NdrFixedArrayFree
    UuidCreate
  mprapi
    MprConfigServerDisconnect
    MprConfigServerConnect
    MprConfigGetFriendlyName
Sections
  .text Size: 108KB - Virtual size: 107KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .tls Size: 1024B - Virtual size: 908B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data Size: 65KB - Virtual size: 64KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .reloc Size: 1024B - Virtual size: 116KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ