Static task: static1
Behavioral task: behavioral1
Sample: 3c8bbcdcdfbef84e8aacddc116535cdd_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 3c8bbcdcdfbef84e8aacddc116535cdd_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 3c8bbcdcdfbef84e8aacddc116535cdd_JaffaCakes118
Size: 177KB
MD5: 3c8bbcdcdfbef84e8aacddc116535cdd
SHA1: 4a4c413ec6ff43d140399feaf9ee5d6ac037b9f3
SHA256: 77d2f2600e93e688d25972c99276f6066ab8f9d3910ed70fa586821164d7642c
SHA512: fe03a0ef2d79c215c1a6fa1178f63c34653ddb385f2edf1d22a32f2a81343675ef08d680e3a8b942f06366ad90ffd1db503ce39194b3798f5177624734b23f0e
SSDEEP: 3072:1Zi7CUkMLRoIB5/OyHLoLeEtqIYwUiWWwyiS42movRjsEy4LMoZ1JBvaOU5GlgoW:1k7CUkM1BH/OyH8DtPYwUi9l4XEPXviu
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: 3c8bbcdcdfbef84e8aacddc116535cdd_JaffaCakes118
Files
3c8bbcdcdfbef84e8aacddc116535cdd_JaffaCakes118.exe windows:4 windows x86 arch:x86
085f9a324c854f6fc3eac288f76aab5d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
oleacc
LresultFromObject
CreateStdAccessibleObject
advapi32
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
shlwapi
PathFileExistsW
kernel32
VirtualQueryEx
GetSystemTimeAsFileTime
MultiByteToWideChar
WideCharToMultiByte
EnumResourceNamesA
CreateProcessA
lstrlenA
LocalAlloc
RaiseException
OpenJobObjectA
InterlockedExchange
ole32
StringFromIID
ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID
Sections
.text Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ