42e8ebe82a818581a589686abed32433_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42e8ebe82a818581a589686abed32433_JaffaCakes118
Size

128KB
MD5

42e8ebe82a818581a589686abed32433
SHA1

ba4cba47ca30ef61a031c517ce83e652d8ccfa04
SHA256

d64bf7ecd89934df656ca33e902f1229a312b601333f2b1d81655f5a7c329755
SHA512

935c88130d026dcd8b4840970c6cb545178b737fd57049ec62468c3bd4f42ea228e072c1fac83b20dded2927f8bd70aa802823e06429f3bc6977035307d2b110
SSDEEP

3072:ZcV7cfkPqd0SfFndKUuDfdo1IKaeN18jkE7khBd4RCtyU:ZcVkkzSVdKRUIu4jkvhBdG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42e8ebe82a818581a589686abed32433_JaffaCakes118

Files

42e8ebe82a818581a589686abed32433_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eed21be151f62cf1e1091a81e3362f3f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LocalFree
CreateFileW
WriteFile
LocalAlloc
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
UnhandledExceptionFilter
GetLocalTime
GetUserDefaultLCID
CopyFileW
lstrcmpiW
CreateEventW
lstrcpynW
SetEvent
GetModuleFileNameW
lstrlenW
lstrcpyW
lstrcatW
GetTempPathW
GetTempFileNameW
lstrcmpA
SetUnhandledExceptionFilter
DeleteFileW
CompareStringW
InterlockedDecrement
InterlockedIncrement
GlobalFree
CloseHandle

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
StgCreateDocfile
OleSetContainedObject
OleCreate
StringFromCLSID

msvcrt

memset
wcschr
wcstok
_wtoi
_wtol
malloc
wcslen
free

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ