Static task: static1
Behavioral task: behavioral1
Sample: 8ccca5c513b7954a4ed9453fabe96327_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 8ccca5c513b7954a4ed9453fabe96327_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 8ccca5c513b7954a4ed9453fabe96327_JaffaCakes118
Size: 78KB
MD5: 8ccca5c513b7954a4ed9453fabe96327
SHA1: 3d6b20cc33c248dca4d988458f73fcf54660baa4
SHA256: ccf92f2f44f5b69ff65e306164040d943509a25f10e6f7389e2db43e252b5743
SHA512: 1c9b3cebbcbba8df4911f361830c98150af2307a4a66f7b722f278884566692963896478534e4aea1ae0211e5399a628f9b6723afefb78b69bbabeb8fd170799
SSDEEP: 1536:QDKXDaCTkk6UYyBgQrPFQ5Slsg/5M3LrTmC54+z+E2GuwW:obPPWWYsqOu+YGun
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8ccca5c513b7954a4ed9453fabe96327_JaffaCakes118
Files
8ccca5c513b7954a4ed9453fabe96327_JaffaCakes118.exe windows:4 windows x86 arch:x86
c158fb944666c32b0d8128821c4f125a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
GetProcAddress
MoveFileA
WriteFile
lstrcpyA
LocalAlloc
LocalFree
FreeLibrary
LoadLibraryA
Sleep
GetModuleFileNameA
GetTempPathA
CheckRemoteDebuggerPresent
ContinueDebugEvent
WaitForDebugEvent
CreateProcessA
IsDebuggerPresent
GetCurrentDirectoryA
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
lstrcmpA
GetWindowsDirectoryA
lstrcatA
CreateFileA
CloseHandle
GetFileSize
lstrlenA
RtlUnwind
SetUnhandledExceptionFilter
user32
MessageBoxA
advapi32
RegSetValueExA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
Sections
.text Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mappis Size: 13KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 55KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ