f63f6b029aeace284d09a67b3a53a698_JaffaCakes118 | Triage

Sharing

General

Target

f63f6b029aeace284d09a67b3a53a698_JaffaCakes118
Size

145KB
MD5

f63f6b029aeace284d09a67b3a53a698
SHA1

befed0a008ae0b3d8cd48a91520f6ff9a03c6aaf
SHA256

d4db4d19b594aee5ea32d485fd85b8aedd2aef5732804308b32129a51e28f324
SHA512

ec64e2c2617f9bff6e9d7968927b388d5b3b356d6966c7df1a11c3b70520f6780d5ec97c600911dcc6eb3ff74b87e31caea8c5affd60a0352e2783162849e5d1
SSDEEP

3072:3ViATZgSL5ZllFpe7ITbsQIJzabJbHTwEs6mT9qVDkEmjxtG6f2Siv77Kxgn:liSLvDyUvZRlbHM+mhEWjxtG22SivJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f63f6b029aeace284d09a67b3a53a698_JaffaCakes118

Files

f63f6b029aeace284d09a67b3a53a698_JaffaCakes118
.exe windows:4 windows x86 arch:x86

35094b1ce5a15d64d7b3cb6f7fd96b71

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteW

clusapi

CloseCluster

comctl32

InitCommonControlsEx

kernel32

InterlockedCompareExchange
TerminateThread
QueryPerformanceCounter
IsDebuggerPresent
CreateIoCompletionPort
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcessId
EnumResourceNamesW
TerminateProcess
InterlockedExchange
ExitProcess
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcess

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW

user32

EnumDisplaySettingsW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rscr
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ