24df824a7830b3fa3890ae740b20905b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

24df824a7830b3fa3890ae740b20905b_JaffaCakes118
Size

292KB
MD5

24df824a7830b3fa3890ae740b20905b
SHA1

922bf991a3e1c2080d8fd160f1f6bbcb8c1e551e
SHA256

45791930c3a8d6b18a6e032505015111148e118d8108de80cf4afabb4d1d7393
SHA512

b1140781644655125b7ba07b9b9bdbb2e673333bb660167ded29e92b4df5d02e119c70d2b195e6982c6af1bd03c4eb887fe0fbdfddbb727ff75a204051aa1674
SSDEEP

6144:FWMuYcfUCuV7i/xhqrfd3OwBwrtVOSMV6xQV016gaKN9OOY/oeC:4YccC87uhqrfkwBgV5KyPaKLMb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24df824a7830b3fa3890ae740b20905b_JaffaCakes118

Files

24df824a7830b3fa3890ae740b20905b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

58fd9f9b3505a1f74d613ed3e55bc18c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
FindClose
WriteFile
SetLastError
CreateFileW
VirtualAlloc
GetLastError
GlobalLock
DeleteFileW
GetProcAddress
SetThreadPriority
ExitProcess
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
HeapSize
IsBadReadPtr
LoadLibraryA
VirtualFree
VirtualProtect
Sleep
ReadProcessMemory
SetEvent
GetModuleHandleW
LockResource
GlobalDeleteAtom
SetFilePointer
lstrcpyW
FindFirstFileW
InterlockedIncrement
GetPrivateProfileStringW
WaitForSingleObject

user32

DestroyMenu
DestroyIcon
SetWindowPos
LoadImageW
PostThreadMessageW
DefWindowProcW
InvalidateRect
PostQuitMessage
RegisterHotKey
UpdateWindow
DispatchMessageW
SetCapture
wsprintfW
CreateWindowExW
GetCursorPos

gdi32

BitBlt
CreateCompatibleDC
LineTo
MoveToEx
GetStockObject
SetMapMode

advapi32

RegNotifyChangeKeyValue
RegQueryValueExW
LookupPrivilegeValueW
RegCloseKey

shell32

Shell_NotifyIconW

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE