Static task: static1
Behavioral task: behavioral1
Sample: 17530e72a75eea947203210f76fc8437_JaffaCakes118.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 17530e72a75eea947203210f76fc8437_JaffaCakes118.exe
Resource: win10v2004-20240611-en
General
Target: 17530e72a75eea947203210f76fc8437_JaffaCakes118
Size: 46KB
MD5: 17530e72a75eea947203210f76fc8437
SHA1: 4a8c20a5753ccd81f407c5f7cf8592e669031c93
SHA256: 6110d3a0eeb5989ba9e397d60a0fcd7ba0d33fa8c921536a905edccf2f9735a2
SHA512: cabec458d42004d781db357b565d0d60cdb9a9661dea23bff40ca00285b5449a5cf106978a5124c314570da59f60ca254ebe40ae8620275823b3fe69dea923bc
SSDEEP: 768:/Jo6mm8yZqfKN7xssJsRVpZyOooR1kSxDyl/KaavEkYXF73qCbh37ud3pQ3RNgB:hobmZ72lRVpliRKEkKd3q0h363qcB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 17530e72a75eea947203210f76fc8437_JaffaCakes118
Files
17530e72a75eea947203210f76fc8437_JaffaCakes118.exe windows:5 windows x86 arch:x86
31254d02505494d982087761d551afe4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualAlloc
AddAtomA
VirtualFree
ExitThread
FreeResource
FindAtomA
LockResource
GetModuleHandleA
FindResourceA
SizeofResource
LoadResource
GetProcAddress
user32
UnpackDDElParam
UpdateWindow
wvsprintfA
UnregisterHotKey
WindowFromPoint
WinHelpA
ValidateRect
WaitForInputIdle
VkKeyScanExA
advapi32
CryptGenRandom
CryptDecrypt
RegConnectRegistryA
CryptSetKeyParam
RegOpenKeyA
RegReplaceKeyA
CryptHashData
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 830B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 75B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ