86cadce9f014af74bcfd5d057d74a696_JaffaCakes118 | Triage

Sharing

General

Target

86cadce9f014af74bcfd5d057d74a696_JaffaCakes118
Size

986KB
MD5

86cadce9f014af74bcfd5d057d74a696
SHA1

87716927c2b7b1f7619e550d8a284b5405e09cf0
SHA256

9839317c705932646b8c8880414ae2b25ff435969adbeb82e43da7f955a107c7
SHA512

89474f81bd0cfebf956939af679ac0dec53b68f6ce33dd408e8d9e643d2bea0a312eddb8ba948e994607e04245d84a15701559884464689bb58bb785c87e2a73
SSDEEP

24576:O3yR8AFPi9D3N9yyKSHYpDDD2u+fdXYl8H:n8Wi9p9yj5SIl8H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86cadce9f014af74bcfd5d057d74a696_JaffaCakes118

Files

86cadce9f014af74bcfd5d057d74a696_JaffaCakes118
.exe windows:5 windows x86 arch:x86

94465a5656b9b3c15897105f22a7f2e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
GetExitCodeThread
UnmapViewOfFile
QueryPerformanceCounter
GetTickCount
GetLastError
CopyFileW
ExitProcess
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
MapViewOfFile
GetStartupInfoW
InitializeCriticalSection
CreateEventW
CreateFileMappingW
GetSystemTimeAsFileTime
WaitForSingleObject
GetStartupInfoW
CloseHandle
GetVersionExA
DeleteCriticalSection
GetModuleHandleA

tapi32

lineUncompleteCall
lineAccept

user32

LoadCursorW
TranslateMessage
LoadIconW
PostMessageW
PeekMessageW
DispatchMessageW
EnableWindow

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey

Sections

.text
Size: 676KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 275KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ