Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_321d44e881d7468acc3af325674139cc.exe
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_321d44e881d7468acc3af325674139cc.exe
  Resource: win10v2004-20241007-en
General
  Target: JaffaCakes118_321d44e881d7468acc3af325674139cc
  Size: 164KB
  MD5: 321d44e881d7468acc3af325674139cc
  SHA1: 52906492521a8c26a994e7e3980ad5714b423199
  SHA256: 4f26d28c38981433cc7924b6f28ec9b5c323a4cdeba2bd484b15a957d3040593
  SHA512: d6dc0d6a8e82ab6416acad0fb99d5b6b2ed8ba9ca5dc929521ea26823d8f0df173f4ebd6a227091d835e6de230957b3fdc0fa5731db131f0c096be1a891b8bb6
  SSDEEP: 3072:OpVE+vos9pDVbz1ij/SgdqesZvpYhzlELMzHcXuGwBoyBJ:GCmos95XiGoqFZvpupELMzTGvy
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_321d44e881d7468acc3af325674139cc
Files
JaffaCakes118_321d44e881d7468acc3af325674139cc.exe windows:4 windows x86 arch:x86
65047e9becd214c95b6f371a09cfc27a
Headers
  File Characteristics
    IMAGE_FILE_RELOCS_STRIPPED
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_32BIT_MACHINE
Imports
  comctl32
    InitCommonControlsEx
  kernel32
    ReplaceFileW
    GetStartupInfoW
    QueryPerformanceCounter
    SetUnhandledExceptionFilter
    GetTickCount
    GetProcessId
    GetCurrentProcessId
    TerminateProcess
    UnhandledExceptionFilter
    EnumResourceTypesA
    GetSystemTimeAsFileTime
    ExitProcess
    InterlockedCompareExchange
    GetCurrentThreadId
    Sleep
    IsDebuggerPresent
    InterlockedExchange
    GetCurrentProcess
  advapi32
    RegCloseKey
    RegSetValueExW
    RegOpenKeyExW
    RegQueryValueExW
  shell32
    ShellExecuteW
  clusapi
    CloseCluster
  user32
    EnumDisplaySettingsW
Sections
  .text Size: 94KB - Virtual size: 94KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rdata Size: 1024B - Virtual size: 1000B
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .data Size: 67KB - Virtual size: 66KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
  .tls Size: 1024B - Virtual size: 244KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ