524788fc4dddec2a7a13a6d3135be692_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

524788fc4dddec2a7a13a6d3135be692_JaffaCakes118
Size

150KB
MD5

524788fc4dddec2a7a13a6d3135be692
SHA1

298a2e796c0dadaca12d96c2493c131476462905
SHA256

f088a861b694a732131d4407645c9bc365fac2de49b4aaa165fe6b2d2957067c
SHA512

3c7bdb4372cef8b8f6bb4348d254ca96daf49baf0f70796f07cc8330de515c5ec9efc6c0342c3d247fca444c6b68436beee02eb952268e895191d45472f3b9b1
SSDEEP

3072:ZPOp5/NF6Zt9TnYR1jiAjw0pplw+5Y67RAw2cA4y3kKVgYEvA:uNFut9TnYGRmlveySxqy3kD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
524788fc4dddec2a7a13a6d3135be692_JaffaCakes118

Files

524788fc4dddec2a7a13a6d3135be692_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2128b712e2b6a441018bf8fe8d8bea8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyExA
RegEnumKeyA
RegQueryInfoKeyA
RegEnumValueA

kernel32

CloseHandle
GetStdHandle
GetProcAddress
GetModuleFileNameA
FreeLibrary
GetCommandLineA
VirtualAlloc
LocalAlloc
GlobalDeleteAtom
ExitProcess
Sleep
LoadLibraryA
ExitThread
DeleteFileA
VirtualAllocEx
GetLocalTime
GetLastError
GetCurrentProcessId

comdlg32

GetFileTitleA

shlwapi

PathFileExistsA
PathIsContentTypeA
SHDeleteKeyA
PathIsDirectoryA
SHQueryValueExA
SHStrDupA
SHDeleteValueA
SHSetValueA
PathGetCharTypeA
SHGetValueA

version

VerFindFileA
VerQueryValueA

shell32

SHGetSpecialFolderLocation
DragQueryFileA
SHGetFolderPathA
SHGetDiskFreeSpaceA

msvcrt

clock
time
malloc
srand
memmove
memcpy

Sections

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 118KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.init
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE