177885f07d08b0367fd06955c97da653_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

177885f07d08b0367fd06955c97da653_JaffaCakes118
Size

58KB
MD5

177885f07d08b0367fd06955c97da653
SHA1

faa8895d908531094d61804cbe757e073eaaff38
SHA256

c99df6b24bea706943a65cf081a47749e38d86995223df071fa47de0fe9e968c
SHA512

90016f31307099b32b5a690e811d26ac2723df26088da7e5581619c72710fdb7dc7b389ac2a643284e2b8ae65100bead17612d062712d371840b41ec7664c29d
SSDEEP

1536:IdHN2Kh6ENyLs3kBD4axXC+5yqgIYDlbp74SmNHlEPnu:KYFENyLs3kBD4aNCkyPpMXly

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
177885f07d08b0367fd06955c97da653_JaffaCakes118

Files

177885f07d08b0367fd06955c97da653_JaffaCakes118
.exe windows:4 windows x86 arch:x86

637b09e8fbb718fc9722a217ce673fb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
RegDeleteKeyW
RegQueryValueExA
WmiExecuteMethodW
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

kernel32

lstrcmpW
GetVersion
GetCurrentThreadId
GetCurrentProcess
VirtualAlloc
GetLastError
GetProcAddress
QueryPerformanceCounter
GetTickCount
GetStartupInfoA
TerminateProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetModuleHandleA

Sections

.textbss
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 802B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ