21ae729168c04472d3573a7afc553807_JaffaCakes118 | Triage

Sharing

General

Target

21ae729168c04472d3573a7afc553807_JaffaCakes118
Size

164KB
MD5

21ae729168c04472d3573a7afc553807
SHA1

0dfa8f52cc9fd9600b3c2458b203a6d81467458d
SHA256

79491ea16d5a84975d613b4c42a96f52c66f8e7030f9dbb48e03da96ff8dd2f0
SHA512

e38306990d944381dc7fd7d8c82ce7963e0e97adf844c707ae5dd908fcc855ae7d9be320433c1d98d61738f73e9f5293e3e4113f8952ffbf43d2abf50231365e
SSDEEP

3072:Om7WiBfRXptiSo/dMLjm5UstDczLMD7nbWfJJg95aiMa:Om7xBZZ0S2dMLi5UstczLc7n6o9Qz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21ae729168c04472d3573a7afc553807_JaffaCakes118

Files

21ae729168c04472d3573a7afc553807_JaffaCakes118
.exe windows:4 windows x86 arch:x86

93b0f64fffbcd09ffbda394d94205b3d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

msimg32

AlphaBlend
TransparentBlt

kernel32

CreateFileW
GetThreadIOPendingFlag
GetLastError
InterlockedIncrement
WriteFile
SetEndOfFile
IsBadReadPtr
WideCharToMultiByte
TransmitCommChar
FreeLibrary
InterlockedDecrement
GetProcAddress
EnumResourceNamesW
LoadLibraryA
FlushFileBuffers
CloseHandle
GetModuleFileNameA
LoadLibraryW
ExitProcess
MultiByteToWideChar
SetStdHandle
CreateMutexA
GetTempPathW
CompareStringW
CompareStringA
SetEnvironmentVariableA

user32

CharUpperA
wsprintfW
wsprintfA
MessageBoxA
GetKeyState
CharNextA
GetTopWindow
CharLowerA

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ