3b2d8128b4d950087581cdad4677ebfd_JaffaCakes118 | Triage

Sharing

General

Target

3b2d8128b4d950087581cdad4677ebfd_JaffaCakes118
Size

558KB
MD5

3b2d8128b4d950087581cdad4677ebfd
SHA1

bdee3e27f33231a3b2a1e205948020f96ba87a4c
SHA256

3228cceff076a8700528c77fb39e0232563bac1e56b9a3653364d277df13177d
SHA512

f9cd08735bbbedee165eb0be38d9cb4dfbdb7e9bdf7fa2a9066df30fc7c11cd6a9e148aadd3ae6ab6b8eda6e9e934c0611d35eec75e3bbfb33d2c68ac43c7c09
SSDEEP

12288:due/9in8Psa7rN90UNZsTjExD/H+S5BJMggq4q/77eY:dQn8PsaH0WZs3Y+SDxjd1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b2d8128b4d950087581cdad4677ebfd_JaffaCakes118

Files

3b2d8128b4d950087581cdad4677ebfd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b0c608d35548d14ddebf7a72f8c4aad8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
ExitProcess
GetCPInfo
GetModuleHandleA
GetProcAddress
LoadLibraryA
VirtualAlloc
VirtualFree

setupapi

SetupBackupErrorW
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiGetINFClassA
SetupCloseLog

user32

GetKeyState
GetKeyboardType
MessageBoxExW
RegisterClipboardFormatA
GetClipboardFormatNameA
RegisterDeviceNotificationW
ReleaseCapture
ToAsciiEx
ValidateRgn
VkKeyScanExW
EnumDesktopsW
EnumDesktopsA
RegisterDeviceNotificationA
EnumClipboardFormats
GetCaretPos

msvcrt

wcslen
exit
_cexit
__p__commode

Sections

.text
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 316KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rata
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE