JaffaCakes118_6e4492c450facbae78de47de6549370e | Triage

Sharing

General

Target

JaffaCakes118_6e4492c450facbae78de47de6549370e
Size

176KB
MD5

6e4492c450facbae78de47de6549370e
SHA1

6482ed33c1d6c2ec15f5a1d498cbf4736d35faa5
SHA256

bc70120aeb040d7cd38a1457faa32d98dabadbf735f27326d4344dbfcb673395
SHA512

5f897ed57dd720c07124f82753d9b0370f9068f250041cd5bc12e0ce6dfc05cc9b78546f06906b88e60be1a6c566a37fa2c7802f9dae9ca3e6800e10ba1cd4f9
SSDEEP

3072:k4Ys+5za07DdiQ0Y23cWR4GlKnN90k6uP3bESavBXuasG2m//Q:NR+5W07QQ9dGlA9K6AS8+HG2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6e4492c450facbae78de47de6549370e

Files

JaffaCakes118_6e4492c450facbae78de47de6549370e
.exe windows:4 windows x86 arch:x86

94c17e2e45679de6a642a3ca77ab45a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameW

kernel32

LoadLibraryExW
lstrlenA
VirtualQueryEx
lstrlenW
LocalFree
CopyFileW
CreateEventW
HeapSetInformation
FindNextFileA
CreateDirectoryExA
lstrcmpiW
CreateProcessW
GetFileAttributesA
EnumResourceNamesW
WideCharToMultiByte
lstrcmpiA
FindClose
LocalAlloc
LoadLibraryW
GetTempPathA
GetExitCodeThread
FindResourceExW
DeleteFileA
InterlockedCompareExchange
RemoveDirectoryA
lstrcmpA
FindFirstFileA
SetFileAttributesA
MultiByteToWideChar
DeleteFileW

ole32

StringFromIID
CoCreateInstance

advapi32

RegQueryValueExW
RegEnumValueW
RegCreateKeyW
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegDeleteKeyW
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ