JaffaCakes118_93dc3c374d77f8b13427aa37c1be2064 | Triage

Sharing

General

Target

JaffaCakes118_93dc3c374d77f8b13427aa37c1be2064
Size

176KB
MD5

93dc3c374d77f8b13427aa37c1be2064
SHA1

f16962644575b409f56ee76d171e9ea786884745
SHA256

2f9c901743c0f2ff6594dbc64acb7e767f8329c528512d9bc2e0566c2841c351
SHA512

ecb21e4dc9e345c08c1be53e87a1ced18b4c3b40fdda048638569cf31bd9455d89a6dfb585fff3ced7c8a21f839ff4337acebb85142881dbf772df6480dfe1ed
SSDEEP

3072:id62Ls2mpMC+dJB/1d+z4p2K2zh3dyjoHWc+cMywCZBMtz1nsZ0q95xSkkIMIyo:I6TAC8B/jjA1Zd/oZyHM11nNq9Cb1o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_93dc3c374d77f8b13427aa37c1be2064

Files

JaffaCakes118_93dc3c374d77f8b13427aa37c1be2064
.exe windows:4 windows x86 arch:x86

ea055e267503fea7a13457d6a2544611

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegCreateKeyW
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExA
RegCreateKeyExW
RegCreateKeyA
RegSetValueExA
RegEnumValueW
RegOpenKeyExW
RegDeleteValueW

psapi

GetModuleBaseNameW

kernel32

InterlockedCompareExchange
FindFirstFileA
RemoveDirectoryA
VirtualQueryEx
GetFileAttributesA
CreateProcessW
SetFileAttributesA
lstrcmpiW
DeleteFileA
HeapSetInformation
CopyFileW
LoadLibraryExW
EnumResourceNamesW
lstrlenA
CreateEventW
LoadLibraryW
FindNextFileA
FindResourceExW
WideCharToMultiByte
MultiByteToWideChar
lstrcmpiA
FindClose
GetTempPathA
GetExitCodeThread
LocalAlloc
lstrcmpA
CreateDirectoryExA
LocalFree
lstrlenW
DeleteFileW

ole32

StringFromIID
CoCreateInstance

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ