1727641db3b59fda181f7774153e5ed1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1727641db3b59fda181f7774153e5ed1_JaffaCakes118
Size

173KB
MD5

1727641db3b59fda181f7774153e5ed1
SHA1

8e164bb7758d50dc7baff16794bdf09580ec0ac7
SHA256

94841d5af6f2ae2e91bb7c3032dc9c0d2ee398383d12fb5de4666589b2b4d56e
SHA512

26957d1f731dc8eb92ef2f023b6cc6c381822c97a961496e3eb4ee68951c4fff58c9dc541313e4f3e14661138c8d671d9386e4e75f82a3942054dc655fc58ef8
SSDEEP

3072:bJ2Xgb9X3I12fB+TlhD5BHeSS1G5t0/5SzTxfT556eZ3nBzNrMvAzye:bJ+k7+TlhHHdAG5t0/szTl6eZ3BzGay

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1727641db3b59fda181f7774153e5ed1_JaffaCakes118

Files

1727641db3b59fda181f7774153e5ed1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1e3a7d70338fb23546a56f8eb664b547

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend
TransparentBlt

user32

GetKeyState
wsprintfW
wsprintfA
CharUpperA
MessageBoxA
GetTopWindow
CharNextA
CharLowerA

kernel32

GetThreadIOPendingFlag
IsBadReadPtr
SetEndOfFile
CreateMutexA
WriteFile
CreateFileW
CompareStringW
LoadLibraryA
TransmitCommChar
InterlockedIncrement
MultiByteToWideChar
EnumResourceNamesW
FlushFileBuffers
CompareStringA
GetProcAddress
SetStdHandle
FreeLibrary
ExitProcess
GetTempPathW
WideCharToMultiByte
CloseHandle
GetLastError
InterlockedDecrement
GetModuleFileNameA
LoadLibraryW
SetEnvironmentVariableA

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ