16608c58a34a80afc1f5754ee5cdf6b0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16608c58a34a80afc1f5754ee5cdf6b0_JaffaCakes118
Size

381KB
MD5

16608c58a34a80afc1f5754ee5cdf6b0
SHA1

59389297aaec30d47bbaf8ba85ef4670af388902
SHA256

2f706f7fe43122c60513bd9012caf145e112b72f3dc969d4b32d18248485d953
SHA512

87d5949421b983eb1d9dbc53f5944a8d50c8c641e7440e208b92318366651002c23264e3a8ece1ccb6b5410b090b78d1d6a0502664bb03165ee9d7a1f8693b05
SSDEEP

6144:ohKTz1RMjt0HEAT1fxhcMxW2pL7lv6w2K/PkFtR6sFHYnHFWhTyHVEOSQTQiJY7:sGZRM+HEAJLjpFv6w2K/PkFtlVMHFWgC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16608c58a34a80afc1f5754ee5cdf6b0_JaffaCakes118

Files

16608c58a34a80afc1f5754ee5cdf6b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7702f1327c6a30a96103f0d01f3209b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
GetCurrentProcessId
IsBadStringPtrW
CloseHandle
LoadLibraryW
GetDriveTypeA
FindClose
CreateEventW
GetCurrentThreadId
GetPrivateProfileStringA
WriteFile
InitializeCriticalSection
ReleaseMutex
GlobalFlags
ReleaseMutex
TlsGetValue
HeapCreate
lstrlenW
GetEnvironmentVariableW
LocalFree

user32

SetFocus
GetSysColor
GetKeyboardType
IsWindow
GetClassInfoA
DrawStateW
DrawTextA
GetClientRect
EndDialog
GetSysColor
CallWindowProcW
DispatchMessageA
CreateWindowExA

pnrpnsp

NSPStartup
NSPStartup
NSPStartup
NSPStartup
NSPStartup

advapi32

InitializeSid

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ