03be38a61d6a3d8e8611c169917d2302_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03be38a61d6a3d8e8611c169917d2302_JaffaCakes118
Size

23KB
MD5

03be38a61d6a3d8e8611c169917d2302
SHA1

2385272b659986aa151807dfda776148cd289591
SHA256

eb5b2be6b3295a5eb6d7a08e39de914b1d9b659c1e3572a34d3faebb873fb04b
SHA512

31932ff14cd30dff6e19959f787868a2f9668801470483cf0791d53c8b275e3d54002454537217972aa3fe7ed59e90142c12345195c066592ec0c284cd61baa2
SSDEEP

192:YP+ivee6haOaNjPMfbbi0p9GfAmsCmjPGIE26dI6Y7GrZrqTfMXLlPkmCV0A2csT:YP+lEt14gvPxxy0qLNgL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03be38a61d6a3d8e8611c169917d2302_JaffaCakes118

Files

03be38a61d6a3d8e8611c169917d2302_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f8156d21db538d3027a24172d15535eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
OpenProcess
GetProcAddress
LoadLibraryA
GetModuleHandleA
Sleep
CreateToolhelp32Snapshot
ReleaseMutex
CreateMutexA
GetCurrentProcess
GetCurrentThreadId
Process32First
Process32Next
GetLastError
lstrlenW
CreateThread
WideCharToMultiByte
SetUnhandledExceptionFilter

user32

GetInputState
FindWindowExA
FindWindowA
wsprintfA
SendMessageA
GetMessageA
PostThreadMessageA
PostMessageA

advapi32

RegCloseKey
LookupPrivilegeValueA
RegSetValueExA
RegOpenKeyA
OpenProcessToken
AdjustTokenPrivileges

ole32

CoCreateInstance
CoInitialize

oleaut32

SysFreeString
VariantClear

wininet

InternetOpenA
InternetConnectA
HttpSendRequestA
InternetCloseHandle
HttpOpenRequestA

msvcrt

_strlwr
memcpy
strlen
??3@YAXPAX@Z
__CxxFrameHandler
??2@YAPAXI@Z
_stricmp
_onexit
__dllonexit
memset

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE