e81eef3599feedf801910852d7c30fd2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e81eef3599feedf801910852d7c30fd2_JaffaCakes118
Size

168KB
MD5

e81eef3599feedf801910852d7c30fd2
SHA1

70901c7e7ba9c0fef0f017fcf6625b51663b047c
SHA256

3d1542d05fb0ec710248a0c521c8d1dff7d86d9cafc1a515dc78b1fc918ac6ef
SHA512

8f252737906986edd1cbbb187434bb8dda1ff0ea1b94c038a0982e8df29f661ad2e8cee170b7cff1ce46029823fc13cbde232cb49b6d23bc24efd9d06978723f
SSDEEP

3072:aawiXrSr2US6F6AR2LzBveTl5dShOvvMeEN942n1n8aXHzbc5JDQCkDiwO6:hSaUhF2foghOvEeemu1tXzbcfDUmwO6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e81eef3599feedf801910852d7c30fd2_JaffaCakes118

Files

e81eef3599feedf801910852d7c30fd2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5a60d6d849679ace6e19d50310af232c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
LoadLibraryExW
CompareFileTime
WaitForMultipleObjects
GetConsoleCP
AddAtomA
GetCommandLineA
GetModuleHandleA
GetSystemDefaultLangID
HeapReAlloc
InterlockedExchange
GetStdHandle
WaitForSingleObject
VirtualProtect
GetVersion
GetProfileIntA
HeapCreate
GlobalUnlock
SuspendThread
CloseHandle
GetTickCount

user32

CopyRect
CreateCaret
FindWindowA
InvertRect
GetKeyState
SetScrollInfo
DispatchMessageA
IsDialogMessage
GetCursorInfo
GetKeyboardLayout
DialogBoxParamA
DragObject
CreateCursor
SetWindowPos
SetPropA
CreateMenu
EnableScrollBar
InsertMenuA
CreateIcon
GetDlgItem
DrawCaption
CopyImage
MessageBoxA
DestroyMenu

advapi32

RegEnumKeyA
RegQueryInfoKeyA
RegCreateKeyExA
RegCloseKey
RegEnumValueA

apphelp

GetPermLayers

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ