89329e34487b6f317f8eb5f567585fa4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

89329e34487b6f317f8eb5f567585fa4_JaffaCakes118
Size

192KB
MD5

89329e34487b6f317f8eb5f567585fa4
SHA1

53314334e39d1bca35ed3413feb372addca6013a
SHA256

b6ae1d9484bcaac482a06ba7aa33d716b438d59ebaec4f2e27de18c7343b0a41
SHA512

4facdddfe316d56d70109aaf92395afdd02fba5477ea325d1a8a851a2d1b7bbb322ea723ce99d4867dcd39f77053c05dad50e6158cf9376f539979e40d221462
SSDEEP

6144:HUZU5ybhYu41iU6cVNauoAw7Gh+WiZ9BZYwQSixCi/ic:HU51Yu41iUCuLThYZYw8xCiJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89329e34487b6f317f8eb5f567585fa4_JaffaCakes118

Files

89329e34487b6f317f8eb5f567585fa4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

443f171adf78102839491b6270071b07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

oleacc

LresultFromObject
CreateStdAccessibleObject

shlwapi

PathAddBackslashA

kernel32

GetStartupInfoW
GetAtomNameW
GetSystemTimeAsFileTime
GetTickCount
IsDebuggerPresent
lstrlenW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetModuleHandleW
UnhandledExceptionFilter
CreateProcessW
RaiseException
EnumResourceNamesA
GetEnvironmentVariableW
GetACP
MultiByteToWideChar
InterlockedCompareExchange
GetCurrentThreadId
WideCharToMultiByte
GetCurrentProcess
TerminateProcess
TzSpecificLocalTimeToSystemTime
GetCurrentProcessId
Sleep
lstrlenA
GetLocaleInfoW
LocalAlloc
InterlockedExchange
GetThreadLocale

setupapi

InstallCatalog
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

winmm

mciSendCommandA
sndPlaySoundA

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ