321ee09585cd893166aa79982ba76f18_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

321ee09585cd893166aa79982ba76f18_JaffaCakes118
Size

60KB
MD5

321ee09585cd893166aa79982ba76f18
SHA1

0b80ed937c6540f283e7824b24803afb7fa2f8a6
SHA256

0621b40565c08c4275a61bc0731ce7ef27241fed49fc65834960ea43a20f45c0
SHA512

92a9cd8eddb2204bc13cb4346fcf7e72f9e71c65606c4379f023b5c798256fc2496fb33235049338eb5d628c273ad2933d0d13014d0dd058f120e5693eddf3f3
SSDEEP

768:f+u5XxxGgzsdTFA49Q0ugRzl4KI+AyIu2ZvI9lbBqAoZSnNt9SOBR/zEmG:Wu5hQu6ReHgR9nIu2ZAHDHnhSmwmG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
321ee09585cd893166aa79982ba76f18_JaffaCakes118

Files

321ee09585cd893166aa79982ba76f18_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5179d612846876c927e1032450a4611c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
VirtualAlloc
GetTickCount
MoveFileW
WaitForMultipleObjects
SetEndOfFile
LockResource
DuplicateHandle
CreateProcessW
SetEvent
GetProcAddress
FindFirstChangeNotificationW
lstrcpyW
VirtualFree
GetFileSize
FindFirstFileW
FindNextChangeNotification
FindResourceExW
CreateEventW
SizeofResource
LoadLibraryW
SetThreadPriority

user32

SetCapture
AppendMenuW
InvalidateRect
LoadCursorW
SystemParametersInfoW
WindowFromPoint
SendMessageW
MessageBoxW
ReleaseDC
GetSystemMetrics
LoadStringW
LoadBitmapW
TranslateMessage
IsDlgButtonChecked
SendDlgItemMessageW
FillRect
PostThreadMessageW

gdi32

CreateSolidBrush
CreateDCW
GetMapMode
CreateBitmap
DPtoLP
SetDIBits
CreateFontIndirectW
GetStockObject
CreateCompatibleBitmap
MoveToEx
SetBkMode
SelectObject
DeleteObject

advapi32

SetSecurityDescriptorDacl
GetUserNameW
RegCreateKeyExW

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE