18f53df0c4b85a81b4fb892fb3bfaeb8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18f53df0c4b85a81b4fb892fb3bfaeb8_JaffaCakes118
Size

17KB
MD5

18f53df0c4b85a81b4fb892fb3bfaeb8
SHA1

ae7c7106eb1520a165116701f814241888be10f3
SHA256

ebad37b2ea8b2c188cb35dbd1f5b2ab9a8855477265c30d9ea91fb02476ae998
SHA512

c4970bf9bffd43aceb68c1738add8679742277218529c1b0046ca4640302a34d10f01d20ebe92cb30b83499b37a0f08173f36094304144287f251db300c7b03e
SSDEEP

384:89Vz8WqLmFCaHXeykUzyA6mAWHTJYTP9U8qDUPakGd:89TGe3ey5yJsTWT1qbd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18f53df0c4b85a81b4fb892fb3bfaeb8_JaffaCakes118

Files

18f53df0c4b85a81b4fb892fb3bfaeb8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

27933bf23a3e53bf1ba7b94a047ea220

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
ReadFile
CloseHandle
lstrcpyA
lstrcmpA
SetFilePointer
lstrlenA
MoveFileExA
ExpandEnvironmentStringsA
SetFileTime
GetCommandLineA
GetSystemDirectoryW
GetSystemDirectoryA
lstrcatA
GetLastError
GetProcAddress
VirtualAlloc
CopyFileA
LoadLibraryA
MoveFileA
SetCurrentDirectoryW
GetModuleFileNameA
lstrcatW
CreateMutexA
GetFileTime
GetFileSize
CreateFileA
VirtualProtect
CreateFileW
WriteFile
LoadLibraryW
GetModuleHandleW

user32

wsprintfA
PeekMessageA
FindWindowA

advapi32

RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

msvcrt

rand
memset
exit
_time64
printf
strstr
_tempnam
malloc
free
srand
memcpy

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE