098d0c643bc0a58b5b38c2827027e232_JaffaCakes118 | Triage

Sharing

General

Target

098d0c643bc0a58b5b38c2827027e232_JaffaCakes118
Size

184KB
MD5

098d0c643bc0a58b5b38c2827027e232
SHA1

315748aadf3fb9b3c149c03fbddd83775a2c3e87
SHA256

b667489922330ed19d0e03784cdbef2be5a3813844879e7c2871d88fbcdc9471
SHA512

cfd6d4b5a5c556272145a5c6d2ea277463e6d1709feca902fc545673826189bb66acf081b80e36db5911f3ace659ed2fcbc18135c755ed457c2a72bb7628f80c
SSDEEP

3072:O7BD7vfKZajkOZHMGc1/zJGAxiojftik:+f3Ea7ZsGAGwd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
098d0c643bc0a58b5b38c2827027e232_JaffaCakes118

Files

098d0c643bc0a58b5b38c2827027e232_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b6b225024abd2519f7813f7149388173

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueA
RegFlushKey
RegCreateKeyExW
RegCreateKeyA
RegLoadKeyA
RegEnumValueW
RegCreateKeyExA
RegQueryInfoKeyA
RegOpenKeyW
RegEnumValueA
RegLoadKeyW
RegQueryValueExW
RegEnumKeyW
RegQueryValueExA
RegCreateKeyExA
RegCreateKeyA
RegCreateKeyA
RegDeleteKeyW

kernel32

ExitProcess

user32

GetScrollPos
GetCursor
IsWindow
LoadMenuA
EndDialog
DrawTextA
DialogBoxParamA
BeginPaint
CopyImage
GetScrollPos
GetScrollInfo
CreateIcon
CopyImage
GetWindowTextLengthA
LoadMenuA
AppendMenuA
DrawIconEx
IsWindow
DialogBoxParamW
CreateIcon
DrawTextW
EndDialog
DrawIcon
AppendMenuW
InsertMenuA
GetWindowTextLengthA
LoadCursorA
GetScrollInfo

Sections

.lemj
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mcfp
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hhkkn
Size: 131KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ghcl
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.deda
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE