JaffaCakes118_924f6894b7eaa578234c87fb3929a103 | Triage

Sharing

General

Target

JaffaCakes118_924f6894b7eaa578234c87fb3929a103
Size

127KB
MD5

924f6894b7eaa578234c87fb3929a103
SHA1

8f19486f627cc0f3da83ffc5e8e21b717645e66a
SHA256

a9af96637653fe15d53ce3f772d1ec12816375bad1ad6c0965acb2d8f7ba2c59
SHA512

8db8a81849de2b65a421fd114411e8d397445dc817d202e305a5f261e81f6e3e9d592f43b7b58a269971c29628512d4a34f7a3896c385eaa8bd8dffad979caac
SSDEEP

1536:hcSlTDd4nLWeHQb9nddS+IP4h3v2WcRvq0V1pXcEgW6/zxDMMgaRPdoZruV1Fq/Z:HlTWLWuU9nddSaGRvkNfVY/EyZAvM9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_924f6894b7eaa578234c87fb3929a103

Files

JaffaCakes118_924f6894b7eaa578234c87fb3929a103
.exe windows:5 windows x86 arch:x86

60245278bb39bc4c09656237781dd847

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

RemoveDirectoryW
GetLocaleInfoW
GetFileAttributesW
GetModuleHandleA
GetTickCount
GetFileAttributesW
FindClose
VirtualProtectEx
SuspendThread
TlsGetValue
CreateEventA
LocalLock
GetExitCodeThread
CreateDirectoryW
GetCurrentProcess
HeapFree
IsValidCodePage
SetPriorityClass
GetStringTypeA
SetLastError
FindResourceW

advapi32

ClearEventLogW
CreateServiceW
IsTextUnicode
RegCreateKeyExW
RegDeleteValueA
ControlService
IsValidSecurityDescriptor
RegEnumKeyA
IsValidAcl
CreateProcessAsUserA
IsValidSid
RegQueryValueW
InitializeSid

msctf

TF_InitSystem
DllCanUnloadNow
DllUnregisterServer
DllUnregisterServer

uxtheme

CloseThemeData

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.import
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE