065d194ccaf61a685de032930141eb71_JaffaCakes118 | Triage

Sharing

General

Target

065d194ccaf61a685de032930141eb71_JaffaCakes118
Size

9KB
MD5

065d194ccaf61a685de032930141eb71
SHA1

ff8b6b96dce064a22bbe87794c85ff2fe5dd99fb
SHA256

7d43a7b6c21ee34dc6bdeb15d71b19fc2d390c41d899ee7278fc9bff19aae4b1
SHA512

3a4f70923a32f8302e047b72b21a118758358b7c8bc332ba276bee7b01d6e2cbc8d7fdf5c2e1593d836002048e992472e7930af9656cf82bf0544452dbfed6ab
SSDEEP

96:e7+d+YRCKV05iWbwiVNXjloRdUfZHhXArVWy4TPncN44ih7xEFPmoynCBFityfqY:1d+lw2fZ9jAbih7SPmoynCz2yyOv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
065d194ccaf61a685de032930141eb71_JaffaCakes118

Files

065d194ccaf61a685de032930141eb71_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e5174f2c6d328e0505050809b728987e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
lstrcpyW
RemoveDirectoryW
CreateProcessW
SetCurrentDirectoryW
CopyFileW
GetTempPathW
lstrcatW
lstrlenW
WaitForSingleObject
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetModuleHandleW
MoveFileExW
DeleteFileW
FindNextFileW
FindClose
GetModuleFileNameW
GetStartupInfoW

user32

DefWindowProcW
RegisterWindowMessageW
wsprintfW
MessageBoxW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
wcsrchr
wcscat
wcsncpy
??3@YAXPAX@Z
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WYCao
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ