cf3f27e25b6f8991048a6ac11244e806_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf3f27e25b6f8991048a6ac11244e806_JaffaCakes118
Size

24KB
MD5

cf3f27e25b6f8991048a6ac11244e806
SHA1

67c178fde5215ec88c228b7d947ce8ac54c30e3e
SHA256

ee45ed4eb213bef693fe05426f92ed5a0540c4134c1432fdaf9c9ae6afcacd25
SHA512

41355645f560eafa5aeae6cc2e955c65c036f339b791c40d838f1e2f478d8d4b1b6a14441c15c6dba22cd670e401b558396fdecbd0d8f1a2f184abd3ec0f814a
SSDEEP

384:WqWlIvw11VTTUOSeUobiMm+NZNRBSQ8Z6btmQTNDh15XpPIx:Wdlh1LvSeFbXDBSTI775XCx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf3f27e25b6f8991048a6ac11244e806_JaffaCakes118

Files

cf3f27e25b6f8991048a6ac11244e806_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2a4d86288bb3eba3330125ae8f35f96b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntA

kernel32

VirtualQuery
TlsFree
HeapSize
VirtualProtect
WideCharToMultiByte
GetDriveTypeA
DisableThreadLibraryCalls
HeapReAlloc
HeapDestroy
MultiByteToWideChar
HeapCreate
ExitProcess
LocalFree
IsDebuggerPresent
ReadFile
CreateFileA
GetModuleHandleA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcessHeap
VirtualAlloc
TlsAlloc
HeapAlloc
GetLastError
TlsSetValue
VirtualFree
SetUnhandledExceptionFilter
TlsGetValue
FormatMessageA

user32

MessageBoxA
wsprintfA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ