Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_409da52da2338efc6c12012533c69948.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: JaffaCakes118_409da52da2338efc6c12012533c69948.exe
Resource: win10v2004-20241007-en
General
Target: JaffaCakes118_409da52da2338efc6c12012533c69948
Size: 178KB
MD5: 409da52da2338efc6c12012533c69948
SHA1: 4969ed34a199dcea814c9fcf6ba2fa1ef0e355c4
SHA256: 4e8db6891eb40a47d9f9bc23a81c7d2d887aaeb434bad1d44a1729d987838227
SHA512: a7caecc2669f3705a1e191b15e2d14e16b14025c6b476f110c6ace05a162e4aebbecbe8073c6ff686b42c7d347eb3e7dbb1a2bc88d67a5472beabe6eabcec45f
SSDEEP: 3072:MhmgqIPf5nEaXXF/utBkU0RI07+ycDIUZgFSGtHMlpZzAqW2pIaX0Ycii7VjzwFq:UqIPxnEqXFmfkhgDZZgmBhVpIlDV3w
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_409da52da2338efc6c12012533c69948
Files
JaffaCakes118_409da52da2338efc6c12012533c69948.exe windows:4 windows x86 arch:x86
fa0e80dfe540c0546f811eb61c135ee2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi: PathFileExistsW
oleacc: LresultFromObject, CreateStdAccessibleObject
ole32: StringFromIID, CoTaskMemFree, ProgIDFromCLSID, StringFromCLSID
shell32: SHGetPathFromIDListA, SHGetMalloc, SHGetSpecialFolderLocation
advapi32: RegCloseKey, RegOpenKeyA, RegCreateKeyExA, RegOpenKeyExA, RegQueryValueExA, RegDeleteKeyA, RegEnumKeyExA, RegSetValueExA
kernel32: VirtualQueryEx, lstrlenA, GetSystemTimeAsFileTime, LocalAlloc, EnumResourceNamesA, CreateProcessA, RaiseException, WideCharToMultiByte, MultiByteToWideChar, OpenJobObjectW, InterlockedExchange
Sections
.text Size: 107KB - Virtual size: 107KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.tls Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 67KB - Virtual size: 66KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 116KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ