038b0adbbba37356a94788e3c3ae43dc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

038b0adbbba37356a94788e3c3ae43dc_JaffaCakes118
Size

17KB
MD5

038b0adbbba37356a94788e3c3ae43dc
SHA1

916516609a8808b072e6a147736a13929d448138
SHA256

09aa38b9950c6f998e76bea06d699addd3bd5ead27901ad935640433e660d968
SHA512

e799c3abebf174a594d37a2fedfc8dd9044bbb531c8040c314aa11e4e1ce61c13d4ceee3c574a6b82f245fcb9a839493c44971b79ab6f47e31d95f392d8cd098
SSDEEP

192:+uBsjkLLpsotdZCjmPFWTZUXTwbFI4sI4eSyvVo/M8dg4I:+7j7oonUXE+gSyvVoUL4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
038b0adbbba37356a94788e3c3ae43dc_JaffaCakes118

Files

038b0adbbba37356a94788e3c3ae43dc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

eb1f12bc3350f30dac6d3991dcc61a98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
LoadResource
GetTickCount
WriteFile
OpenProcess
Sleep
SizeofResource
TerminateProcess
ReadFile
SetFilePointer
VirtualAlloc
GetModuleFileNameA
GetModuleHandleA
VirtualProtect
WinExec
CloseHandle
DeleteFileA
FindResourceA
GetFileSize
lstrcatA
CreateFileA

user32

FindWindowA
wsprintfA
GetWindowThreadProcessId

advapi32

RegQueryValueA
RegCloseKey
RegOpenKeyA

msvcrt

memcpy
memset

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 298B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ