26d94543a39c73b5549bc27575497176_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26d94543a39c73b5549bc27575497176_JaffaCakes118
Size

23KB
MD5

26d94543a39c73b5549bc27575497176
SHA1

0a5fb66e44d95dfd21dd12226426749f9b69dd6f
SHA256

2d496742abb0dae30f0aa262d36f0dedb2ffa0b537fa08e6aae496160514530d
SHA512

d5920857584868000f6e7b45f3a9975b0e58b8f72586646079d74dda864760c52c766b6f34ee9207f9bdc948a4d98c5ca5ec6790122f7d2793b319108b0f9948
SSDEEP

384:wt7XFKCe1W7Up1TDM+8I8ZCsZzLEGMuQDMGFjOG0C1GkkjVVVNaTL6PP+P:WX81WApd98rPZzP3QlFCLLiVP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26d94543a39c73b5549bc27575497176_JaffaCakes118

Files

26d94543a39c73b5549bc27575497176_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6b60538ebc85b8ea8ea1a47e5eec4d57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDrives
HeapDestroy
HeapCreate
InterlockedExchange
GetACP
GetModuleHandleA
GetEnvironmentStringsA
GetStdHandle
GetProcessVersion
GetCurrentThread
VirtualProtect
GetCurrentProcessId
GlobalMemoryStatus
GetTimeFormatA
LoadLibraryExA
CreateIoCompletionPort
IsDebuggerPresent
HeapQueryInformation
GetProcessHeap
GetTapeStatus
WaitForSingleObject

user32

SetActiveWindow
DragDetect
BeginPaint
SetForegroundWindow
GetParent
GetCursorPos
GetWindow
GetDlgItem
GetFocus
ShowWindow
GetClassNameA
GetTitleBarInfo
FrameRect
FillRect
GetWindowTextLengthA
wsprintfA
EndPaint
DrawTextA
ReleaseDC

advapi32

RegEnumKeyA
RegCloseKey
RegCreateKeyA
RegSetValueExA
RegFlushKey

setupapi

SetupCloseLog

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ