00bbf067192d8bcd818f876ff8e24866_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00bbf067192d8bcd818f876ff8e24866_JaffaCakes118
Size

49KB
MD5

00bbf067192d8bcd818f876ff8e24866
SHA1

9d3e3044f455b38000e4e01d73bc2c851e7c52df
SHA256

07c2b8934793486ec016ee2916c9373a3b7139eab425443e09f3fa2ca38cf299
SHA512

b83e95a65dcd5572c334c34ddc60f568e9fe014753eb17c4f9d7d36cab99164370776b6a184d9e5eee8839bb9c926d552be76aad3ee62afc39d532152a4560a0
SSDEEP

1536:j9wcKt1qeFlJ950ngIMq3+pVTkaiLLnJLuHK:pMCurgfBV7BT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00bbf067192d8bcd818f876ff8e24866_JaffaCakes118

Files

00bbf067192d8bcd818f876ff8e24866_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0451f2bbf202297c582e56e873c3782c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ContinueDebugEvent
DisableThreadLibraryCalls
ExitProcess
GetThreadLocale
OutputDebugStringW
Process32First
ReadConsoleOutputCharacterA
RtlMoveMemory
RtlUnwind
ScrollConsoleScreenBufferA
SetFilePointer

advapi32

AccessCheck
CreateServiceA
CryptAcquireContextA
GetSecurityInfo
LogonUserW
MapGenericMask
RegDeleteValueA
RegEnumKeyExA
RegisterServiceCtrlHandlerW

user32

AnyPopup
AttachThreadInput
BeginDeferWindowPos
CreateAcceleratorTableW
DdeDisconnectList
DdeFreeStringHandle
DrawFocusRect
GetDlgItem
IsDlgButtonChecked
LoadStringW
RedrawWindow
SetMessageQueue
ShowOwnedPopups
UnregisterClassA

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE