dff9b6818a05e878b407bb6edbd066af_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dff9b6818a05e878b407bb6edbd066af_JaffaCakes118
Size

178KB
MD5

dff9b6818a05e878b407bb6edbd066af
SHA1

aa9774e9094e320e83e5292240a74884196b8328
SHA256

8054518e4ebf4b4cdb344ba9c9edacac988224d1d0e7b324d8a5e76f777ade88
SHA512

b16b6c982bf8d73a4f9f14e16b1154f4796dd531f60df821711f1030111cdbe983eb836ce879dfd0a92a583ab424ab18451a245ccf5d6f10cf277ff116adfb4b
SSDEEP

3072:/mGm21LY8dSvgl3+4hiQgIcer94p76tfs8WCIx9SwsL7bm+KTFKIr5HSfoVzFGOb:+Gm2ZY81kQgDMEXCSEbsTF1SSBM5q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dff9b6818a05e878b407bb6edbd066af_JaffaCakes118

Files

dff9b6818a05e878b407bb6edbd066af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

608e7b7549b543fc393912f328c42adf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExW
RegCreateKeyA
RegCreateKeyExW
RegQueryValueExW
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegEnumValueW
RegDeleteKeyW
RegCreateKeyW
RegOpenKeyExA
RegDeleteValueW

kernel32

DeleteFileA
SetFileAttributesA
lstrcmpiA
WideCharToMultiByte
VirtualQueryEx
HeapSetInformation
CopyFileW
lstrcmpiW
GetTempPathA
MultiByteToWideChar
CreateEventW
CreateProcessW
GetFileAttributesA
InterlockedCompareExchange
lstrlenA
GetExitCodeThread
EnumResourceNamesW
FindClose
Heap32ListNext
FindFirstFileA
LoadLibraryW
LocalAlloc
CreateDirectoryExA
FindNextFileA
LocalFree
LoadLibraryExW
lstrlenW
RemoveDirectoryA
lstrcmpA
DeleteFileW

psapi

GetModuleBaseNameW

ole32

IIDFromString
CoCreateInstance

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ