21329868689271157220807927501d5b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

21329868689271157220807927501d5b_JaffaCakes118
Size

9KB
MD5

21329868689271157220807927501d5b
SHA1

d988f48b6543b84bc059d83ed71a65ada618499f
SHA256

182dee5c19df71ec9297c72c39e467940c087f9e50e24b833606b594e2b8d5a0
SHA512

1de83aeaa3350e45311e954d77f9c5271fe60ea99acf5d78ebecedcb84fbd07ffff51376b6864cc47961ff0b9732bf2fef00d7dc9e5bbd82698cbe99636472ce
SSDEEP

192:+MY1ar8ZWS4c9gfugyVW6YX/CEBe/crvH9Hygdsa8cG2gZf:+YrRVZugozYPCEBe0jdSgLg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21329868689271157220807927501d5b_JaffaCakes118

Files

21329868689271157220807927501d5b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c3c1bf83fa69fe1206fc58032433be7d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
DebugActiveProcess
ExitProcess
GetHandleInformation
GetUserDefaultLangID
LocalUnlock
SetComputerNameA
SetUnhandledExceptionFilter
TlsSetValue
_llseek

advapi32

AllocateLocallyUniqueId
CloseEventLog
CryptAcquireContextA
CryptHashSessionKey
GetMultipleTrusteeA
GetTokenInformation
GetTrusteeTypeA
IsValidAcl
LookupPrivilegeDisplayNameW
OpenProcessToken
QueryServiceConfigA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegSaveKeyW

user32

AnyPopup
CheckMenuRadioItem
DdeKeepStringHandle
DeleteMenu
DragDetect
FillRect
GetClassLongW
GetCursor
GetCursorPos
GetMenu
GetMenuItemRect
GetMenuStringA
GetProcessWindowStation
GetWindowRect
IsChild
LoadCursorFromFileW
SetUserObjectInformationA
SetUserObjectSecurity
TrackMouseEvent
UnregisterHotKey

gdi32

ColorCorrectPalette
CreateColorSpaceA
CreateDiscardableBitmap
CreateFontIndirectW
DPtoLP
DeleteDC
GetFontData
GetRandomRgn
GetTextCharsetInfo
GetTextExtentPoint32A
SetMagicColors
UpdateICMRegKeyW

Sections

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE