28709694f1f98e31b022c704d36cd500_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28709694f1f98e31b022c704d36cd500_JaffaCakes118
Size

281KB
MD5

28709694f1f98e31b022c704d36cd500
SHA1

93e7b1de621531cfbc62f80bef8788ce0fb39c60
SHA256

88df5c23dcfbf058485a4c2043251913f667aa94b0d3aa7ef663ee595fa83ec3
SHA512

63b9ace3e1c58e545c4d15a687a7c22446d41aeb43427fb09eb96e1f8b06a11a40f2b128c2b6743a6ae22e12c2fdc3258c45c6e52d276b079db2528619dc626e
SSDEEP

6144:90/yIeWIyOpAGFbsN0FS0YuatIcDEIa3i4hLmvc5kjPF1Pgh:XIeW5OpAG9bSDZ1YG4Z35+rP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28709694f1f98e31b022c704d36cd500_JaffaCakes118

Files

28709694f1f98e31b022c704d36cd500_JaffaCakes118
.exe windows:1 windows x86 arch:x86

afb91ce3e4bbfe2e68cea03af5c95a60

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

PostMessageA
SetWindowPos
KillTimer

kernel32

MoveFileA
MoveFileExA
VirtualProtect
WaitForSingleObject
VirtualFree
GetModuleHandleA
VirtualProtect
GetVersion
VirtualAlloc
CopyFileExW
CopyFileA
CreateThread
LoadLibraryA
GetLocalTime
GetLastError
SleepEx
ExitProcess
GetProcAddress
ExitThread

advapi32

RegOpenKeyW
RegEnumKeyExW
RegOpenKeyA

Sections

.data0
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ