34ba74c9723caf2f85b5ddd65019b942_JaffaCakes118 | Triage

Sharing

General

Target

34ba74c9723caf2f85b5ddd65019b942_JaffaCakes118
Size

60KB
MD5

34ba74c9723caf2f85b5ddd65019b942
SHA1

d1591ed7fc3f1ffd562a393469366900defdac4c
SHA256

689ad97418d86c855ceed8a1091e9d4ffbcaa72c9d3e9a9719ee00c64b7f418d
SHA512

239c41b831514d501c26e6fdb9ab25c7bf052fbdc5d2f138523f874abb1b2f879330ff42ff7406729318159e3940bfd4e266766a715f2d93fb0443735e139f87
SSDEEP

1536:dAe5I8h/Yuim/GExKITCJnP1OoWlAVKB3+z0eHT3X/l4j:dA8JYuV/GExKDh1OJiVkIN4j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34ba74c9723caf2f85b5ddd65019b942_JaffaCakes118

Files

34ba74c9723caf2f85b5ddd65019b942_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0ae19b36f496b76df9fd6fc6162e8561

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
lstrcpynA
HeapReAlloc
DeviceIoControl
FindFirstFileA
TerminateProcess
GetCurrentDirectoryA
MulDiv
GetExitCodeThread
CompareStringA
GetTickCount
GetProcessHeap
GetFileTime
GetConsoleOutputCP
lstrcatA
ExitProcess
SetHandleCount
GetSystemDirectoryA

gdi32

GetTextExtentPoint32A
DeleteDC
CreatePen
SetROP2
SelectObject
RectInRegion
SetBkMode
LineTo
GetTextMetricsA

advapi32

QueryServiceConfigA
StartServiceA
QueryServiceStatus
RegOpenKeyExA
GetSidSubAuthority
RegQueryValueExA
ControlService
RegOpenKeyA

msvcrt

_exit
_wcsnicmp
__set_app_type
_ltow
_snprintf
_wsplitpath
qsort
strcpy

user32

GetWindow
CheckRadioButton
RedrawWindow
DrawFrameControl
ReleaseCapture
EmptyClipboard
GetMenu
CreateMenu
CallWindowProcA

ole32

OleSave
OleUninitialize
OleRegEnumFormatEtc
CoFreeLibrary
CoGetCurrentProcess
BindMoniker

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ