f620c61a33880a621e846a9aa7c07f6a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f620c61a33880a621e846a9aa7c07f6a_JaffaCakes118
Size

64KB
MD5

f620c61a33880a621e846a9aa7c07f6a
SHA1

8da3f917295b116f04b6acb6bdd2b40df539f225
SHA256

9a04fc7992f71f6216d509d5a26af37a81e52f57e8704704b29579e0330fe1f4
SHA512

eb191a7ef135d568d6d6b4c3cb1f6133363ebbf2c6468354f9501c1a3b73f7609450c162dbbd1cbabb1733bf7a48f14c3f9419436880217dab30417161cf6782
SSDEEP

1536:YaFzBkbtrUZM84tV/l5tZmjqgNvuxVxy:DFqxrUZLABtZWNWxXy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f620c61a33880a621e846a9aa7c07f6a_JaffaCakes118

Files

f620c61a33880a621e846a9aa7c07f6a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

039e47bd1298232c390c842000ee1cc1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetDriveTypeW
GetSystemTime
FindFirstChangeNotificationW
FindNextChangeNotification
GlobalFree
ReadFile
FindNextFileW
WaitForSingleObject
GetLogicalDrives
CreateThread
CreateEventW
TerminateThread
SetThreadPriority
GetProcAddress
CreateFileW
DeleteFileW
GetVersion
FreeResource
FileTimeToSystemTime
FindResourceExW
WideCharToMultiByte
LoadResource
WritePrivateProfileStringW
GlobalAddAtomW

user32

GetWindowThreadProcessId
DefWindowProcW
DestroyMenu
LoadCursorW
SetWindowPos
DispatchMessageW
SystemParametersInfoW
PostMessageW
IsWindow
DestroyIcon
wsprintfW
CreateWindowExW
GetWindowRect
PostThreadMessageW
WindowFromPoint
GetClassNameW
SetWindowTextW

gdi32

SetBkMode
DPtoLP
DeleteObject
CreateSolidBrush
CreateCompatibleDC
SetMapMode
MoveToEx
CreateBitmap
CreateDCW

advapi32

RegQueryValueExW
StartServiceW
RegNotifyChangeKeyValue
LookupPrivilegeValueW

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE