1c50b8420020527a8a8fddd9a1cdacb4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c50b8420020527a8a8fddd9a1cdacb4_JaffaCakes118
Size

20KB
MD5

1c50b8420020527a8a8fddd9a1cdacb4
SHA1

2f84b988a2f9d14e11143352d5c0f007ef5cadaa
SHA256

9471540ce7a0658801dc5341fb5a57edc257574335d4fbd73325920a01247c5a
SHA512

1a948e6a4dacf311ee70cabf5847c752ce2dd57af8a80c330b3605a6fb095a047503380dfb77ce9d4f83fa45e7f3685256284b48fe9738f4acb6bfe0e6b2336b
SSDEEP

384:ztUYMlPF8cmTGsUS4Gw+v7UTw6AlT+WymHD5rMg/d/:h5Mt2BGfSw+7UTyiWyUrV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c50b8420020527a8a8fddd9a1cdacb4_JaffaCakes118

Files

1c50b8420020527a8a8fddd9a1cdacb4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d43810e9f82c4094218fe3f7c502c353

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetDriveTypeA
CloseHandle
TlsAlloc
LoadLibraryA
GetModuleHandleA
GetThreadPriority
IsValidCodePage
GetStartupInfoA
GetCurrentProcess
IsDebuggerPresent
Sleep
GetModuleFileNameA
GetCommandLineA
GetCurrentProcessId
GetLogicalDrives
FreeLibrary
ExitThread
GetCurrentThreadId
GetProcessTimes
GetCurrentThread

user32

GetWindowTextLengthA
RegisterClassA
GetDC
GetWindowLongA
GetActiveWindow
GetSystemMetrics
ShowWindow
GetWindow
BeginPaint
GetClassLongA
OpenIcon
CreateWindowExA
GetForegroundWindow
GetFocus
UpdateWindow
GetWindowDC
GetWindowTextA
IsWindowVisible
ReleaseDC

advapi32

IsTextUnicode
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
GetUserNameA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerLanguageNameA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ