20dde2e6ab9946b79092b57709a759d9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20dde2e6ab9946b79092b57709a759d9_JaffaCakes118
Size

15KB
MD5

20dde2e6ab9946b79092b57709a759d9
SHA1

2600c980e593666611a894d49a2953f5f1ce9fa7
SHA256

1cfc683a8e646976fc9bd89d71eedc685cbcfcfa7dcec6873b240234b2a6f217
SHA512

d95d9a1814e56570d85516a8fad7ec9e13af18ca31c5c897eb8437976f8bb14984cbb00dde7cae73a4b970af2ee44f21dfd7f5418708e71a3ef4c46b93e94c23
SSDEEP

384:pcyWzlY9vAF3P/iK6o4TiGH+CAzQ0kHWFSvWpCAa:pUys3XgH+CAzQ0kPiCAa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20dde2e6ab9946b79092b57709a759d9_JaffaCakes118

Files

20dde2e6ab9946b79092b57709a759d9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

384460cb29f87431d38022ca83ad62ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
OpenProcess
DuplicateHandle
SetEvent
GetCurrentProcessId
LocalReAlloc
CloseHandle
CreateEventA
lstrcmpiA
GetCurrentThreadId
ExitProcess
GetCommandLineA
GetModuleFileNameA
lstrlenA
LocalAlloc
GetLastError
LocalFree
InterlockedDecrement
InterlockedIncrement
ResumeThread
CreateThread

user32

PostThreadMessageA
GetMessageA
CharNextA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteKeyA

ole32

CoGetInterfaceAndReleaseStream
CoInitialize
CoMarshalInterThreadInterfaceInStream
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 61B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.uro
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE