f1d9419744933105fe9af8d0691c016d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f1d9419744933105fe9af8d0691c016d_JaffaCakes118
Size

18KB
MD5

f1d9419744933105fe9af8d0691c016d
SHA1

706962de3e6f4382a61e991aad668d42b1f6711f
SHA256

02f35ef1f9659beaf744fe9a548ee72805f6ddcebdb2303e8699cddeaea2c06c
SHA512

bc6d690391d3ebca46523ca02ae400a6b5aa71368f8dba1a5e4ea613704b64c1762503ebb2f2ce9636dc5297070325011c2eca9d1cc998c2a249c106c9f27d18
SSDEEP

192:5N3WoRE5EAmDEPARuAMf3SwwbLo5I+WRlT6Omb5NaT8nIS/mFyngTlQMp+:5hWpE2AMJwUp0YPPE8n3/mFeklzp+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1d9419744933105fe9af8d0691c016d_JaffaCakes118

Files

f1d9419744933105fe9af8d0691c016d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

426a545fe80d68635f88461563757201

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCommandLineA
GetLastError
GetModuleHandleA
GetWindowsDirectoryA
CreateMutexA
Sleep
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
CreateFileA
CopyFileA
ReadFile
CloseHandle

user32

EndPaint
GetForegroundWindow
EndDialog
GetMessageA
GetWindowTextA
LoadIconA
MessageBoxA
SendMessageA
SetWindowsHookExA
UnhookWindowsHookEx
BeginPaint
GetKeyNameTextA
CallNextHookEx
DrawIcon

wsock32

htons
inet_addr
recv
send
socket
connect
closesocket
WSACleanup
WSAStartup

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ