01d9df6c0c23b942845b30a7c9dc3472_JaffaCakes118 | Triage

Sharing

General

Target

01d9df6c0c23b942845b30a7c9dc3472_JaffaCakes118
Size

636KB
MD5

01d9df6c0c23b942845b30a7c9dc3472
SHA1

b30b0d5127b64821054f96f2ed1719c062352faf
SHA256

ee06d148930a17c9e110b932fe8e790e99cb053d0dddd7afdb2ec5f0636f4ce5
SHA512

b7064a7bbd07692f984bb5f740c3c5c077be71d7a22d84f27fd24ef89f934fd8f02c96d42291dce58fa0daa5954f70438f9fbb68e4f31b445d9742dc228efe36
SSDEEP

12288:GyWFNcU2j2IK66uxQf0XCFo20551DfE2RRU/pGV44Vg69MwbO+kPzd1lHYi0myMr:oFNcrj2INQf0XCypfE2fUkg6vbKd3Y+x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01d9df6c0c23b942845b30a7c9dc3472_JaffaCakes118

Files

01d9df6c0c23b942845b30a7c9dc3472_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3dbfa2d0ecd106614356f91987aa4377

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
VirtualProtect
InterlockedExchange
GetSystemDefaultLangID
GetTickCount
GlobalUnlock
SetConsoleCP
GetAtomNameA
LoadLibraryExA
GetCommandLineA
WaitForSingleObject
lstrlenA
GetVersion
WaitForMultipleObjects
SuspendThread
GetStdHandle
HeapReAlloc
CloseHandle
HeapCreate
GetConsoleCP
GetModuleHandleA

user32

DialogBoxParamA
GetDlgItem
IsDialogMessage
SetScrollInfo
CreateIcon
GetCursorInfo
CopyImage
GetKeyboardLayout
FillRect
EnableScrollBar
DragObject
DrawCaption
SetPropA
FindWindowA
InvertRect
SetWindowPos
InsertMenuA
GetKeyState
DispatchMessageA
CreateMenu
DestroyMenu

advapi32

RegCreateKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegEnumKeyA

apphelp

ApphelpCheckExe

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ