e254e83899db63edd94362d3694ae647_JaffaCakes118 | Triage

Sharing

General

Target

e254e83899db63edd94362d3694ae647_JaffaCakes118
Size

73KB
MD5

e254e83899db63edd94362d3694ae647
SHA1

bccf2d460dae96a766d2978c4a5178e654e80dd8
SHA256

52633981af075259928529e089741f226aefb674c179982d1c45276c27e3667e
SHA512

b973848eccb726eaca1c9600493e91e4ab4d8ab8526dc4b0d2d1af09570cdefaae12930b84f2c56cb73306ce6cc663ef69d592899cecd8b5bc045a38576f9e40
SSDEEP

1536:p4MEpRNE4FMmRWEcT4YRFYNE3C4SIE/147M1gRQ/ESEhtRPDqIR844EiRr4WMkRN:p4MEpRNE4FMmRWEcT4YRFYNE3C4DE/1U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e254e83899db63edd94362d3694ae647_JaffaCakes118

Files

e254e83899db63edd94362d3694ae647_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fff1ad8138ba7909e15e822e062cb199

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
GetModuleFileNameW
LoadLibraryExW
GetCurrentThread
GetEnvironmentVariableA
CreateFileW
FileTimeToSystemTime
ReadProcessMemory
GetModuleHandleA
OpenMutexA
VirtualAlloc
GetEnvironmentVariableW
SetLocalTime
GetTempPathA

untfs

Recover
Format
Extend
FormatEx
Chkdsk

advapi32

CreateServiceA
RegEnumKeyW
RegLoadKeyW
CryptSignHashW
RegCloseKey
RegOpenKeyA
LogonUserA
RegDeleteValueA
RegCreateKeyExW
OpenEventLogA
StartServiceA
RegRestoreKeyW
RegUnLoadKeyW
RegReplaceKeyW

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.haw
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE