3a768766b1c7904db3ec069df94a24b0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a768766b1c7904db3ec069df94a24b0_JaffaCakes118
Size

245KB
MD5

3a768766b1c7904db3ec069df94a24b0
SHA1

127aa57f9a2b42f1f8e417fe2ad1fd8f44f9f127
SHA256

9290f1d58f3526530cb01ba0a79bd29df02b95b4b269ad567f1768311dea2d9d
SHA512

073c9909737f7e7e88b63bb05d2c9aa2aeddc97e626c68e9fd9090b4f6ea20e6b14f30ea17f44735e3c5172cb89e212a81fe7e3df168cd2b4945a31dcc460f97
SSDEEP

6144:j5uX/dmMISeYa8x6N2boiHKBBdbQt+6W4SrIpMzG/HHHHHHHHp:jEPdmXmQGKBBdb9X4HHHHHHHH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a768766b1c7904db3ec069df94a24b0_JaffaCakes118

Files

3a768766b1c7904db3ec069df94a24b0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

04c2ab16a991c600d962a75053288a13

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
LoadLibraryA
FreeLibrary
TlsAlloc
GetDriveTypeA
DeleteFileA
GetProcessTimes
GetThreadPriority
Sleep
GetModuleFileNameA
GetCurrentThread
IsValidCodePage
GetModuleHandleA
GetCurrentThreadId
GetStartupInfoA
IsDebuggerPresent
CloseHandle
VirtualAlloc
GetCurrentProcess
GetCommandLineA
ExitThread

user32

GetDC
RegisterClassA
GetClassLongA
IsWindowVisible
ShowWindow
GetSystemMetrics
GetWindowDC
GetFocus
CreateWindowExA
UpdateWindow
GetWindowTextA
GetActiveWindow
GetWindowLongA
GetForegroundWindow
BeginPaint
GetWindow
OpenIcon
GetWindowTextLengthA
ReleaseDC

advapi32

IsTextUnicode
RegQueryValueExA
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
VerLanguageNameA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ