26ffc379403c0bfc800ad5d25b5f5582_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26ffc379403c0bfc800ad5d25b5f5582_JaffaCakes118
Size

96KB
MD5

26ffc379403c0bfc800ad5d25b5f5582
SHA1

37314f4dbb309fe4bac5ee54e7bea97817ed4d72
SHA256

513b604e6ef8dcaefc1c8e39b4c470dcd8eb8e9d65e32b81c0ab72306fd82863
SHA512

18fe3b041afe5f0dcb3b24334dc0c2b36cbe03082e5e01aa8b785d003bb6c75fdb3f9ca694c584c609b1893a8129ce85f09a07b8511d50190787ff550231a3cc
SSDEEP

1536:enBB+OkbtiFPCJacdtswzr5mlaGEe2vece0rskpWB1IN5:eBLthktswP56jVhce04R1IN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26ffc379403c0bfc800ad5d25b5f5582_JaffaCakes118

Files

26ffc379403c0bfc800ad5d25b5f5582_JaffaCakes118
.exe windows:4 windows x86 arch:x86

01b03c373a3024ddc4b28e942ac9a0b0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
lstrlenW
SuspendThread
GetPrivateProfileStringW
GetProcAddress
Sleep
CloseHandle
GetCurrentThreadId
MultiByteToWideChar
WaitForMultipleObjects
FindResourceExW
SetFilePointer
SetWaitableTimer
GetModuleHandleW
GetLastError
MoveFileW
GetTickCount
LoadLibraryA
GetModuleFileNameW
ResumeThread
SetCurrentDirectoryW
DeleteFileW
GlobalAddAtomW
LoadLibraryW
GetDriveTypeW

user32

PostQuitMessage
GetParent
SystemParametersInfoW
SetForegroundWindow
SetDlgItemTextW
SetWindowPos
EndDialog
SetCursor
DialogBoxParamW
GetCursorPos
GetWindowThreadProcessId
FillRect
GetKeyState

gdi32

GetObjectW
DeleteDC
StretchBlt
CreateCompatibleBitmap
CreateICW
SetBkColor
CreateFontIndirectW
CreateCompatibleDC
DeleteObject

advapi32

RegSetValueExW
SetSecurityDescriptorDacl
RegCloseKey
GetUserNameW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
StartServiceW
RegNotifyChangeKeyValue

Sections

.tgksc
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ryxgha
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ryai
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE