Static task: static1
Behavioral task: behavioral1
Sample: fc172b5cc734e0bf227818ab91dd7b65_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fc172b5cc734e0bf227818ab91dd7b65_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: fc172b5cc734e0bf227818ab91dd7b65_JaffaCakes118
Size: 157KB
MD5: fc172b5cc734e0bf227818ab91dd7b65
SHA1: 1d243aecd8f15afb57c760b500f30babb926236d
SHA256: 0aee910a27b9c601f4a0d20020c27b141ba24532b297915b7b8aedef90be3a10
SHA512: 3d81366d7f815d6820cc0e2ce505518fc99fd7fcbc9603aea4c96366404421b6fceb1d40898aecb5bf6112f7e31209b1118ce4f53b75459cd88ceb4aab3f70e6
SSDEEP: 3072:yTLs1PIqF7EeVpXcmM62L/NAZhSCac7TxJ5jR+LBw2q:yTLs1PF1sm1226OJB+L
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fc172b5cc734e0bf227818ab91dd7b65_JaffaCakes118
Files
fc172b5cc734e0bf227818ab91dd7b65_JaffaCakes118.exe windows:4 windows x86 arch:x86
a71b64a8658b327918302e053168bfb3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
clusapi
CloseCluster
user32
EnumDisplaySettingsW
advapi32
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
kernel32
UnhandledExceptionFilter
ReplaceFileW
GetCurrentProcessId
Sleep
GetTickCount
GetProcessId
InterlockedExchange
InterlockedCompareExchange
IsDebuggerPresent
EnumResourceTypesA
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
ExitProcess
GetCurrentThreadId
GetStartupInfoW
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
comctl32
InitCommonControlsEx
shell32
ShellExecuteW
Sections
.text Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ