b6dfc8d8b065e0dab3ad4fdc946fb683_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6dfc8d8b065e0dab3ad4fdc946fb683_JaffaCakes118
Size

192KB
MD5

b6dfc8d8b065e0dab3ad4fdc946fb683
SHA1

6472dba93635eb5be9e9bc6dda73657c8fa98fa6
SHA256

127a1023b7f89fa14430835f2780cf01e37770ae9948046f9a004fa6086dbc18
SHA512

4003e8b823728ebb5586d5b5f311c91bd02f07d28dce20eb13dd19c02b134e91b3418540b2d4850d7d427f9a01a571465f1120fc95d10577f238e8a70868edbe
SSDEEP

6144:i0HI3Ckg3pfwW1WdX/VEN1yxCsmvsTJaddzsz:PuIfwWGGZsTJaddzsz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6dfc8d8b065e0dab3ad4fdc946fb683_JaffaCakes118

Files

b6dfc8d8b065e0dab3ad4fdc946fb683_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5db3950abe600447da78c1280f729e97

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IIDFromString
CoCreateInstance

advapi32

RegSetValueExA
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyA
RegCreateKeyExW
RegEnumValueW
RegQueryValueExA
RegDeleteKeyW
RegCloseKey
RegCreateKeyW
RegOpenKeyExA
RegDeleteValueW

psapi

GetModuleBaseNameW

kernel32

LoadLibraryExW
RemoveDirectoryA
CreateProcessW
CopyFileW
SetProcessWorkingSetSize
MultiByteToWideChar
lstrcmpiW
InterlockedCompareExchange
lstrlenW
LoadLibraryW
LocalAlloc
DeleteFileA
EnumResourceNamesW
GetExitCodeThread
FindClose
LocalFree
GetFileAttributesA
CreateDirectoryExA
lstrlenA
WideCharToMultiByte
Heap32ListNext
FindNextFileA
GetTempPathA
lstrcmpA
HeapSetInformation
CreateEventW
SetFileAttributesA
FindFirstFileA
lstrcmpiA
DeleteFileW

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ