JaffaCakes118_979b6f89bd5e28f9d747361f914c5b51 | Triage

Sharing

General

Target

JaffaCakes118_979b6f89bd5e28f9d747361f914c5b51
Size

176KB
MD5

979b6f89bd5e28f9d747361f914c5b51
SHA1

b3e1e65aadeac329fd81282647e7888c76b9f5f1
SHA256

79e42dbb5febaba9532b531145e70a910f0019b505f5909ae49d24333434f559
SHA512

4e7c997dcd212773026fe5b7e64396534613b8b4f12284ed98bb7bf4f0c70dc48360f0e513263888e0500156dd984ccc93c7a17da4e799f9ea4b1c716da166b6
SSDEEP

3072:ffPf5ZS37V242C9A3B8jv0lkpkPT/C0jqIZoyhXt/LJ8ZpepH5Pqn:ffvS37Y4H9A3B84mkTC02IZ7hXBLupQZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_979b6f89bd5e28f9d747361f914c5b51

Files

JaffaCakes118_979b6f89bd5e28f9d747361f914c5b51
.exe windows:4 windows x86 arch:x86

98cdab820e0b4c7e4ca440b38b30a70e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameW

ole32

IIDFromString
CoCreateInstance

kernel32

lstrcmpiW
VirtualQueryEx
LocalFree
CreateDirectoryExA
CreateProcessW
DeleteFileA
lstrlenW
lstrcmpA
WideCharToMultiByte
CreateEventW
RemoveDirectoryA
LoadLibraryW
GetFileAttributesA
lstrcmpiA
GetExitCodeThread
CopyFileW
EnumResourceNamesW
FindClose
LocalAlloc
FindFirstFileA
Heap32ListNext
FindNextFileA
SetFileAttributesA
LoadLibraryExW
HeapSetInformation
lstrlenA
InterlockedCompareExchange
GetTempPathA
MultiByteToWideChar
DeleteFileW

advapi32

RegCreateKeyW
RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegCreateKeyA
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExA
RegQueryValueExA
RegEnumValueW
RegDeleteValueW

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ