26bd68c03b0af976fa09fa99195d10b3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26bd68c03b0af976fa09fa99195d10b3_JaffaCakes118
Size

24KB
MD5

26bd68c03b0af976fa09fa99195d10b3
SHA1

470912b8d5fccc13ba1dd0d7ee403965c504ca07
SHA256

71aff0d44ff02ba6f245fa54d45dbd75982784137753c2bfd03ff0e6f32cde10
SHA512

f8ba832797d0311e62492931f68ca10038971b9bc925084b2126dfaa68f7c3a754a5dc9dbd72e8e175f8961619b97836aa0573a2e0afa878f2db5ad3d4921c6e
SSDEEP

384:AJzkQ4HUQU7KXrUKOKfRbPT0jC1fAROH6vg:AJpQqKfRrWC1fARv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26bd68c03b0af976fa09fa99195d10b3_JaffaCakes118

Files

26bd68c03b0af976fa09fa99195d10b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e940a4ab65aa13f534f1ef2c7bef53a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
Sleep
DeleteFileA
lstrcatA
lstrcpyA
GetCurrentProcess
GetProcessHeap
FindClose
FreeLibrary
GetModuleHandleW
GetProcAddress
CloseHandle
VirtualQuery
InterlockedExchange
ExitProcess
GetModuleHandleA
GetCommandLineA
HeapAlloc
HeapFree
SetEvent
WriteFile
OpenProcess
CreateEventA
GetLastError
CreateFileA
GetFileAttributesA
GetTempPathA
Process32First
CompareStringA
TerminateProcess
VirtualAlloc
HeapReAlloc
RtlUnwind

user32

wsprintfA
CharToOemA
MessageBoxA
ExitWindowsEx
GetParent
IsWindow
GetDesktopWindow

advapi32

RegDeleteValueA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

ShellExecuteA

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE