Static task: static1
Behavioral task: behavioral1
Sample: 17ee921c87ad185f9411f339213763eb_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 17ee921c87ad185f9411f339213763eb_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 17ee921c87ad185f9411f339213763eb_JaffaCakes118
Size: 4KB
MD5: 17ee921c87ad185f9411f339213763eb
SHA1: 31b650fed6cc6784b3da703007db23b91c95c7c7
SHA256: 8f01cbf86696d5be0adfecd173cfe28f40ce9758669274f61f3aea58531b3daf
SHA512: 69ad04e38f095ff2b209e22612580903d7b2171bdd5428c59ab6b9edb19f0fd87bc99af96ea4c7a6cab3e9771a5a2c9f06596d867e3f8aab4fb6a5b011131001
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: 17ee921c87ad185f9411f339213763eb_JaffaCakes118
Files
17ee921c87ad185f9411f339213763eb_JaffaCakes118.exe windows:4 windows x86 arch:x86
51172477ebf1473bdd2baf019e686c01
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcatA
GetModuleFileNameW
CreateEventA
WaitForSingleObject
WideCharToMultiByte
lstrcpyA
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
GetModuleHandleA
SetEvent
ExitThread
GetProcAddress
CreateThread
Process32First
CreateToolhelp32Snapshot
CompareStringA
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyA
user32
PeekMessageA
CreateWindowExA
TranslateMessage
MsgWaitForMultipleObjects
DestroyWindow
DispatchMessageA
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 1006B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE