faed1f56eaafea88c46b1abafe83a582_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

faed1f56eaafea88c46b1abafe83a582_JaffaCakes118
Size

284KB
MD5

faed1f56eaafea88c46b1abafe83a582
SHA1

06df9168986d0f7cf2bdb9cbd6755d735062f50d
SHA256

25e811c3caf72f08c856574ef7d60204685071aa130b99362645640b61069896
SHA512

b432ad65eab96244fefda92d74d2b4d76dd85bbcbdaec7b2967c00ff2c82577ba24e67fc5afa6e7e1510d3f8fa7dc8d850090024d05f8cd41855020a385d9bc4
SSDEEP

6144:aoG/JGjQnQTNgl979k4zyPr5tRdzB6hW+SVXRdF+VTqnaPhsesQck:c/AQnQwPE5tRd0h9IIhsOck

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
faed1f56eaafea88c46b1abafe83a582_JaffaCakes118

Files

faed1f56eaafea88c46b1abafe83a582_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f410be963a09e0c6846b7943cd5c6d94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteAtom
OpenSemaphoreA
FlushFileBuffers
GetCurrentThread
GetStdHandle
GetEnvironmentStringsA
GetTimeFormatA
GetCurrentProcessId
IsDebuggerPresent
LoadLibraryA
GetCurrentProcess
VirtualProtect
GetACP
InterlockedExchange
FormatMessageA
GetThreadPriority
GetModuleHandleA
HeapDestroy
GetExpandedNameA
HeapCreate
WriteConsoleA

user32

EndPaint
BeginPaint
wsprintfA
FillRect
GetFocus
GetClassNameA
DrawTextA
GetWindowTextLengthA
SetForegroundWindow
FrameRect
GetWindow
GetTitleBarInfo
DragDetect
GetCursorPos
ShowWindow
GetParent
ReleaseDC
SetActiveWindow
GetDlgItem

advapi32

RegQueryInfoKeyA
RegCreateKeyA
RegCloseKey
RegFlushKey
RegEnumKeyA

clbcatq

CoRegCleanup

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ