Static task: static1
Behavioral task: behavioral1
Sample: afc78dcad83e65a0d91c6093a305bc95_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: afc78dcad83e65a0d91c6093a305bc95_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: afc78dcad83e65a0d91c6093a305bc95_JaffaCakes118
Size: 174KB
MD5: afc78dcad83e65a0d91c6093a305bc95
SHA1: fce8b9173d33dc7a8693cc51d0730822543c9671
SHA256: 7d1ea258272e3d09705e21bd16b0f5110683451d7e9432046bfb069ab1893be0
SHA512: 1642a5eedfad7101eb5555c6836803510a78f78a73093a00d5e1209492fcf9f9b57f585867b04f2cf19cce57fafbd94ef995ac0dcdfd3bef42e3e962b7a91133
SSDEEP: 3072:UcD9VZG8OhISJg2hrabt245R9V38I/i0RtQrkHpZ9VF973Xd9a4jx:/5fG2uR5abt2mR9V38mcrklVvBX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource afc78dcad83e65a0d91c6093a305bc95_JaffaCakes118
Files
afc78dcad83e65a0d91c6093a305bc95_JaffaCakes118.exe windows:4 windows x86 arch:x86
fdcb286e46e32bb274ed1035bf4b931c
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegSetValueW
msvfw32
ICOpen
ICSendMessage
ICClose
ICDecompress
kernel32
GetShortPathNameA
GetCurrentProcessId
UnhandledExceptionFilter
CloseHandle
GetFileInformationByHandle
GetLastError
GlobalFree
EnumResourceTypesW
ExitProcess
CreateFileW
LoadLibraryW
GetModuleHandleW
GetCurrentThreadId
GetProcAddress
GetVersionExW
user32
AdjustWindowRectEx
SetRectEmpty
GetWindowPlacement
SetCursor
InvalidateRect
GetClientRect
PostMessageW
FillRect
Sections
.text Size: 99KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 1024B - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ