Static task
static1
Behavioral task
behavioral1
Sample
3886d1d815015e32a2257786c8a34457_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3886d1d815015e32a2257786c8a34457_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target: 3886d1d815015e32a2257786c8a34457_JaffaCakes118
Size: 170KB
MD5: 3886d1d815015e32a2257786c8a34457
SHA1: 9b58eb95b7a734c0edadea784cccfe8a67c75bcb
SHA256: b253a12786ebbdfbeaf1ed1cff959e32053b39ead628bff28f3e723ba58de2ee
SHA512: 71debc823c92050707e28f1d8259258bdb1f45fae79073048e14ef03d3f6fa1261329eb6bedecfe989f74dfdda9aa56ab7daf788a3f903087db75aa7aae29d43
SSDEEP: 3072:rkbqqcrraCzwYhXHtLjvE8bP8xXWdUSGgbhgJe+2krVD:rkbqqcrrZNX3PeSGgeEYVD
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3886d1d815015e32a2257786c8a34457_JaffaCakes118
Files
3886d1d815015e32a2257786c8a34457_JaffaCakes118.exe windows:4 windows x86 arch:x86
499d47986d7969e934ae2fa5c3cb007a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteW
clusapi
CloseCluster
advapi32
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
kernel32
GetCurrentProcessId
ReplaceFileW
IsDebuggerPresent
GetTickCount
UnhandledExceptionFilter
GetProcessId
Sleep
TerminateProcess
SetUnhandledExceptionFilter
EnumResourceTypesA
QueryPerformanceCounter
GetCurrentThreadId
InterlockedExchange
ExitProcess
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetStartupInfoW
GetCurrentProcess
comctl32
InitCommonControlsEx
user32
EnumDisplaySettingsW
Sections
.text Size: 101KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 244KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ