1911afbb3cf591215f59ddb9c8c8d0b3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1911afbb3cf591215f59ddb9c8c8d0b3_JaffaCakes118
Size

168KB
MD5

1911afbb3cf591215f59ddb9c8c8d0b3
SHA1

aff404a64ca7ac42d43034b13a6f8e1f16c8f28c
SHA256

deb9ca3292ec3489ec17f0c6cd3680e0d41e0def2c4450394af5fc3e1bacfef9
SHA512

3ae64d98a207f6887ef03c55780ed853337ea62d04fb307be18beb1e3041a647c7d6bb920fde69b447f082fae31b25b9611169accaea0e778cca9fc40f74442d
SSDEEP

3072:a3QMF5Yyzi0CGh5Hin4+p2pbB1qji3hb5vaZ+vu9Tt+nwlsDtvKh3Ke7/kS2Z:a3lF5T5H04RptSixRaZXvmDtvK9Ke7/E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1911afbb3cf591215f59ddb9c8c8d0b3_JaffaCakes118

Files

1911afbb3cf591215f59ddb9c8c8d0b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1fb1c0e213ddbbb523e8a8e7e39a7576

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
CompareFileTime
HeapCreate
lstrlenA
LoadLibraryExA
GetVersion
WaitForSingleObject
SuspendThread
SetConsoleCP
GetConsoleCP
GlobalUnlock
GetTickCount
GetCommandLineA
GetStdHandle
GetSystemDefaultLangID
GetModuleHandleA
VirtualProtect
InterlockedExchange
GetAtomNameA
WaitForMultipleObjects
CloseHandle

user32

InsertMenuA
CreateIcon
EnableScrollBar
DrawCaption
GetKeyState
FindWindowA
IsDialogMessage
CreateMenu
GetDlgItem
GetCursorInfo
DragObject
SetWindowPos
SetPropA
CopyImage
SetScrollInfo
DestroyMenu
InvertRect
DialogBoxParamA
GetKeyboardLayout
DispatchMessageA
FillRect

advapi32

RegCloseKey
RegEnumKeyA
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA

apphelp

ApphelpCheckExe

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ