Static task
static1
Behavioral task
behavioral1
Sample
b847f5d6e7ef8a91a7c7fccf58896267_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b847f5d6e7ef8a91a7c7fccf58896267_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
b847f5d6e7ef8a91a7c7fccf58896267_JaffaCakes118
-
Size
188KB
-
MD5
b847f5d6e7ef8a91a7c7fccf58896267
-
SHA1
69a794247fc8de64dc12a7f43edef0cb66672dfd
-
SHA256
cc4c8c169f741f41d5b5cbd85038804d06bd44bbb4ffde41f1fe352dd5c2c7af
-
SHA512
cae49148a7b27ee58c8b7c45de022840b825df53f54306e571edadf3be2d26d9ca09bc5f6d508c980af7378c1b3c888a25c9360daadf7ca11536cca0c8163f51
-
SSDEEP
3072:vkMYBobcSNVeKC5duPb2v7+3SqUrpDMDLNX0bE+5D6CckZOQNN7:vkLBxS/eKC5dYw7+3SqUKLDPp05N
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; the PE file listed below is unsigned.
resource b847f5d6e7ef8a91a7c7fccf58896267_JaffaCakes118
Files
-
b847f5d6e7ef8a91a7c7fccf58896267_JaffaCakes118.exe windows:4 windows x86 arch:x86
543c9cc540f6b4306c1cac9e251f71a5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
msvcrt
strncmp
perror
malloc
free
exit
fread
fopen
fgets
strrchr
fclose
fwrite
printf
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
sprintf
getenv
_XcptFilter
_iob
fprintf
_exit
__p___initenv
_strdup
_stat
kernel32
GetModuleHandleA
GetModuleFileNameA
QueryPerformanceCounter
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PACK Size: 164KB - Virtual size: 424KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE