17a69d44a71ccd418163f84b2dd9b62f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17a69d44a71ccd418163f84b2dd9b62f_JaffaCakes118
Size

13KB
MD5

17a69d44a71ccd418163f84b2dd9b62f
SHA1

1bcd89816a4a71e6ec0b9e687cbec012d4c9ec80
SHA256

445bce30ac7dd1d82d88049c20de06cf489d74d88282d6c1dbd00bd6aaffb348
SHA512

22a5e53650bb2bd758e44d9dcad8fd13110b3912f82cc19d9c99f2bbdcbe65817afed41ecde8da7e7d75e0a5bfdb4badb94610a5a000a1b59badd7f48c3a1e02
SSDEEP

192:I2U++lMWc46J/C8/fzbTPcDWVxfKpypkA0EePcZd60VUVkkkezmMDErOpXL4rxJd:I2v+lMFhDzbTPceAyplkfmMYTxm+a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17a69d44a71ccd418163f84b2dd9b62f_JaffaCakes118

Files

17a69d44a71ccd418163f84b2dd9b62f_JaffaCakes118
.exe windows:1 windows x86 arch:x86

602bf455051f208ecadd3b323cdcde64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

PostMessageA
RegisterWindowMessageA
GetActiveWindow
wsprintfA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateThread
ExitProcess
ExitThread
GetCommandLineA
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileType
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
GetVersion
LoadLibraryA
ReleaseMutex
SetConsoleCtrlHandler
SetEvent
SetStdHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteFile

dsetup

DirectXSetup

Sections

BEGTEXT
Size: 8KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DGROUP
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 512B - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ