0a6fc384b4c22aba5c996503edd54a54_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a6fc384b4c22aba5c996503edd54a54_JaffaCakes118
Size

7KB
MD5

0a6fc384b4c22aba5c996503edd54a54
SHA1

002d8a8ed5dd1e65faff5fc30abdbaaf0489062c
SHA256

43df1d22d19198f8e2d7de11632df530c02a20b7ae692253e991ca726f0ee959
SHA512

297d93ebb41aa08daac0ad8980622480ccf6c719b95fce87cbc22df85c125981fc597ab050f26b94e05cfa95984e5e23bddc94cb955ac24d441de22b583c53c9
SSDEEP

96:oUueYK+vaJ0NR+RGYvd/uakC6NvFAPY/abyzJD3JsXsojaW:obK+Y0qRGY1/DkCwDJ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a6fc384b4c22aba5c996503edd54a54_JaffaCakes118

Files

0a6fc384b4c22aba5c996503edd54a54_JaffaCakes118
.exe .vbs windows:4 windows x86 arch:x86 polyglot

e8d3d8a05238c01262dfac20f8510afc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

UnhookWindowsHookEx
ToAscii
SetWindowsHookExA
GetWindowThreadProcessId
GetWindowTextA
GetMessageA
GetKeyboardState
GetKeyState
GetKeyNameTextA
GetForegroundWindow
GetClassNameA
CallNextHookEx

kernel32

GetSystemDirectoryA
GetTimeFormatA
IsDebuggerPresent
GetLastError
GetModuleHandleA
lstrcatA
WriteFile
WinExec
CloseHandle
CopyFileA
CreateFileA
CreateMutexA
CreateToolhelp32Snapshot
ExitProcess
GetComputerNameExA
GetDateFormatA
GetModuleFileNameA
GetLocalTime
Module32First

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
GetUserNameA

msvcrt

fflush
fopen
fprintf
fclose

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ