JaffaCakes118_e7197d2a6259cc318520a10de50c3a20 | Triage

Sharing

General

Target

JaffaCakes118_e7197d2a6259cc318520a10de50c3a20
Size

181KB
MD5

e7197d2a6259cc318520a10de50c3a20
SHA1

e360189fef5bb2727bc143a898e8a075c949f3e5
SHA256

22a6f9f299cc529bc0dec2fed19665973ea2bcdd863e252c52c0e32660e84257
SHA512

b16138a457068c9f1c4dcb1ec06897653b9b30ae7ea658d06e130324ae2a7729ad2f5a055ae4f23ef198b623813567b2778f51f0b4ac04d8e0e8670dcf9e2002
SSDEEP

3072:IcAz/44tIR4ra5NUSKS8PaSwY+M5jrTe9GRluCFj7mk1kR/pqXziDk+x7HA+Kqv2:I5zwOIqcZ4aSwYtVl1Fnmk1kW2DkGDQX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_e7197d2a6259cc318520a10de50c3a20

Files

JaffaCakes118_e7197d2a6259cc318520a10de50c3a20
.exe windows:4 windows x86 arch:x86

c89d4f8a43e0406927565fbbbe20ec79

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
SetEndOfFile
GetAtomNameW
LockFile
FileTimeToSystemTime
GetVersionExA
GetFileType
GetVolumeInformationA
FlushFileBuffers
EnumResourceNamesA
IsDBCSLeadByte
FileTimeToLocalFileTime
CompareStringA
UnlockFile
GetFileTime
TzSpecificLocalTimeToSystemTime
FindResourceExW
SearchPathA
GetUserDefaultLangID
GetProfileStringA
GetSystemDirectoryA

setupapi

InstallCatalog
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

shlwapi

PathAddBackslashA

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ