fd410fcb0b7d801895fdef929b8ee7f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd410fcb0b7d801895fdef929b8ee7f9_JaffaCakes118
Size

136KB
MD5

fd410fcb0b7d801895fdef929b8ee7f9
SHA1

39907d650f7f66b75e12030678a8eab44274cc41
SHA256

98dedc065146ec012e88810d1eb0077fd59bfb3bf66d5e588ad99c9a3358f40a
SHA512

4e8cb9c667f91ba94cce81a30b5388833b426e9438a91c9ac09d024baf1d1a7001f3e50d62a0472fbb1465aebaa5ed38e0a38e6d25efa30d3f05d6a52e7c2b0a
SSDEEP

3072:1EEggvCnLMPFrmPniIAH37LGADnHurHX7Ky4Pl:qFM1CniFrLjEK/t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd410fcb0b7d801895fdef929b8ee7f9_JaffaCakes118

Files

fd410fcb0b7d801895fdef929b8ee7f9_JaffaCakes118
.exe windows:1 windows x86 arch:x86

45ae8229a6f201a4dfce0ff9ef9b8c63

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwAllocateVirtualMemory
_memccpy
RtlAddAccessAllowedAceEx
ZwReplyWaitReplyPort

kernel32

GetDateFormatW
RemoveDirectoryA
WaitForMultipleObjects
GetStartupInfoW
GetModuleFileNameA
LocalFree
LocalAlloc
GetDiskFreeSpaceA
lstrcmpi
GetVersionExA
GetProcessHeap
CreateNamedPipeA
GetDateFormatA
FatalAppExitA
GetModuleFileNameW
lstrcpyn
GetLogicalDrives
OpenMutexW
FileTimeToSystemTime
lstrcpyW
GetProcessHeaps

user32

MonitorFromPoint
CopyIcon
RegisterWindowMessageW
FindWindowW
CharPrevW
LoadIconW
GetDC
mouse_event
GetKeyboardType
GetSubMenu
DefWindowProcW
SetWindowLongW
MessageBoxA
GetDlgItemTextA
BeginPaint

gdi32

GetTextColor
GetDIBits
CreatePen
DeleteDC
SaveDC

advapi32

RegFlushKey
RegCreateKeyExW

comdlg32

FindTextW
GetOpenFileNameW

shell32

Shell_NotifyIconW

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ