3c9789e1ee979134439cd5049104cb88_JaffaCakes118 | Triage

Sharing

General

Target

3c9789e1ee979134439cd5049104cb88_JaffaCakes118
Size

49KB
MD5

3c9789e1ee979134439cd5049104cb88
SHA1

44957eb4b1dd6219db7abf2c579817d237e9e8f7
SHA256

05fb91f442ae1f7b1ee14d935fec13e9a68d1d8eae593a7af82a7a3239e2137b
SHA512

5131a3ba6aadc6547ce4b31c823ed9bcb13e23cc709024d4e6fd28c16756aa4fc62f5bdc95f15163822ee969be092be7b6d3e1f2e509356993760db48fd7ab47
SSDEEP

1536:8t9Wlg7w0P4EgmbJS6N+PmSSLounch18xt3djjr3s:i9aZ0PXNh9LVWKxXP3s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c9789e1ee979134439cd5049104cb88_JaffaCakes118

Files

3c9789e1ee979134439cd5049104cb88_JaffaCakes118
.exe windows:5 windows x86 arch:x86

552f63a19bea452ee485928b41956267

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA

kernel32

FindClose

shlwapi

PathCombineW
PathFileExistsW
PathMatchSpecW
SHDeleteKeyA
StrCmpNIA
StrCmpNIW
StrStrW
wnsprintfW
wvnsprintfA
wvnsprintfW

user32

EndDialog
GetKeyboardState
GetKeyState
GetWindowTextA
OpenDesktopA
PeekMessageA
SendMessageA
SetProcessWindowStation

Sections

.ehef
Size: 40KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pcn
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hkb
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ