c94237795f3bba46770924dc567cfd3e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c94237795f3bba46770924dc567cfd3e_JaffaCakes118
Size

136KB
MD5

c94237795f3bba46770924dc567cfd3e
SHA1

1200586ffe0ba1ad2be72f979a18c848fd3ea604
SHA256

d005766d4fe603956261ec6134092adf2e39b001247c9fc180d1c1a18412a168
SHA512

be3fe05ecf09a5cb75b0c462219529c13414ea10fb4aa7568d9d21ed7cfcf866f9e4114334c033bff3831910e597df4ec066461365ed0176cf97b93d167ac30c
SSDEEP

3072:62d7e0iatjYzaoGkxoNxwH1NhQ6mecIz0:6eS0iojYzaoz8xwXhho

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c94237795f3bba46770924dc567cfd3e_JaffaCakes118

Files

c94237795f3bba46770924dc567cfd3e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a70599538a666c2449bf0bb60633670c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

InterlockedCompareExchange
TerminateThread
QueryPerformanceCounter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
CreateIoCompletionPort
GetCurrentThreadId
InterlockedExchange
SetUnhandledExceptionFilter
EnumResourceNamesW
IsDebuggerPresent
TerminateProcess
GetStartupInfoW
ExitProcess
Sleep
GetTickCount
GetCurrentProcessId
GetCurrentProcess

clusapi

CloseCluster

comctl32

InitCommonControlsEx

shell32

ShellExecuteW

user32

EnumDisplaySettingsW

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ