3a7c2996dac7f180209bae4c09e626e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a7c2996dac7f180209bae4c09e626e2_JaffaCakes118
Size

114KB
MD5

3a7c2996dac7f180209bae4c09e626e2
SHA1

2ea735ec83c5f9791b5053c2c6621e2559779cf3
SHA256

e2229b5955257932c993f68d22407045fbe9a98116b0726afba88c4e5608b72c
SHA512

8b557b0fb49519ae9725dd047576ab7ea2458399818e2870048f6bdd96107508a93e93ea14344446468a3572aac507371a459a6af0a1d69aaf3d1beebd619fdd
SSDEEP

3072:LM4LBTyvL9lCYFEbmlpdASNgnNtlIRWgHsnc:HcWGin7yH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a7c2996dac7f180209bae4c09e626e2_JaffaCakes118

Files

3a7c2996dac7f180209bae4c09e626e2_JaffaCakes118
.exe windows:1 windows x86 arch:x86

6397c0befe61f396fe094e6017b2b9c1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetCurrencyFormatA
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileSize
GetLastError
GetModuleHandleA
GetProcAddress
GetTickCount
IsDebuggerPresent
LoadLibraryA
SearchPathA
SuspendThread
SwitchToFiber
SwitchToThread
VirtualAlloc
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
GetLocaleInfoW
EnumTimeFormatsW
CopyFileExW

gdi32

CreateBrushIndirect
DeleteObject
EndDoc
FillPath
GetDeviceCaps
SetBkColor
SetTextColor
StartDocA

user32

CheckDlgButton
EnableMenuItem
FindWindowExA
GetCursorPos
GetDlgCtrlID
GetMenu
GetSysColor
GetTopWindow
InvalidateRect
IsCharUpperA
IsDlgButtonChecked
IsWindow
KillTimer
LoadAcceleratorsA
LoadCursorA
MoveWindow
PeekMessageA
PostQuitMessage
SetCaretPos
SetWindowPos
SwitchDesktop
TrackPopupMenuEx
UpdateWindow

advapi32

RegEnumKeyA
RegLoadKeyA

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ