153b2ce5ed8c4e7ece7e34e0faa6f206_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

153b2ce5ed8c4e7ece7e34e0faa6f206_JaffaCakes118
Size

282KB
MD5

153b2ce5ed8c4e7ece7e34e0faa6f206
SHA1

66c58ce3ffa0ff44950e2bd2cf2b0e6d2b78a839
SHA256

08018b541baf882d1425d3015e2d310fe5912c77b883b57d392257aa33e5154d
SHA512

8d77760efba1729e7c2f0b4c05b73c4908205c998041c5369b27b6320ac2b5800340863e03625ca5481760a7d2a4400f9836274ea6dd2a3f7d9307f57b1a69a4
SSDEEP

6144:tPCK9AIV8+3vko4UWDxjyaz6BNG+D+Pbhjesi1co:LGIV8OlgVxuNoPtmt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
153b2ce5ed8c4e7ece7e34e0faa6f206_JaffaCakes118

Files

153b2ce5ed8c4e7ece7e34e0faa6f206_JaffaCakes118
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

d36a666bc11e79ae77cc8c9f98a805e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetThreadPriority
CreateFileMappingA
GetCurrentThread
GetModuleHandleA
GetACP
HeapCreate
GetCurrentProcessId
InterlockedExchange
GetEnvironmentStringsA
CreateThread
IsDebuggerPresent
GetLogicalDrives
HeapDestroy
GetCommConfig
GetStdHandle
VirtualProtect
LoadLibraryExA
CreateHardLinkA
GetTimeFormatA
DeleteAtom

user32

GetTitleBarInfo
GetCursorPos
ReleaseDC
SetActiveWindow
FillRect
GetWindow
FrameRect
SetForegroundWindow
GetWindowTextLengthA
wsprintfA
DrawTextA
ShowWindow
DragDetect
GetFocus
GetParent
GetDlgItem
EndPaint
BeginPaint
GetClassNameA

advapi32

RegCreateKeyA
RegFlushKey
RegEnumKeyA
RegCloseKey
RegQueryInfoKeyA

clbcatq

CoRegCleanup

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 976KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ