Static task: static1
Behavioral task: behavioral1
Sample: 163065dc026a90ad3454913a0bec3b4a_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 163065dc026a90ad3454913a0bec3b4a_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 163065dc026a90ad3454913a0bec3b4a_JaffaCakes118
Size: 155KB
MD5: 163065dc026a90ad3454913a0bec3b4a
SHA1: 493b0f7131963403b9a69bdf8b25191b52f9bb73
SHA256: af67c3f9fc01bc7594d9da587e0493205b07814a42e19312d58fd173c260b428
SHA512: 71ea1c8cc522e45dc6cfda97c06262e398b0226bca53e226494073f654825b60947660c1e7e3fd601f4b55f988e3a0ca7a963d051a902c4c2206b8607a6ca055
SSDEEP: 3072:tt5HcGbsJwWxFv5l/43f7usp060FS6imDE4XJ/HPc8aBbWXN07:n5HcGbKBfBlwv6spmU6i4Bk8cWd07
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 163065dc026a90ad3454913a0bec3b4a_JaffaCakes118
Files
163065dc026a90ad3454913a0bec3b4a_JaffaCakes118.exe windows:4 windows x86 arch:x86
4e2668bc82cd61756f93bd1b9c66f8b6
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
  GetStartupInfoW
  GetCommandLineA
  RtlUnwind
  GlobalFlags
  GetModuleHandleExW
  GetEnvironmentStringsW
  GetProcessVersion
  GetProcAddress
  SetLastError
  GetLastError
  FreeLibrary
  lstrcmpiA
  lstrlenA
  GetModuleHandleA
  GetVersion
  EnterCriticalSection
  LeaveCriticalSection
  InitializeCriticalSection
  DeleteCriticalSection
  GetEnvironmentVariableA
  LocalFree
  GetVersionExA
  FreeEnvironmentStringsW
  LoadLibraryA
shell32
  ShellExecuteExW
shlwapi
  SHDeleteKeyW
  PathCombineW
ole32
  OleInitialize
  CoQueryProxyBlanket
  CreateAntiMoniker
  OleUninitialize
Sections
.text Size: 56KB - Virtual size: 115KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 1000B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: 94KB - Virtual size: 93KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 314B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ