439a0919647cb4ba94ba75d22cc26996_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

439a0919647cb4ba94ba75d22cc26996_JaffaCakes118
Size

146KB
MD5

439a0919647cb4ba94ba75d22cc26996
SHA1

84d0c4391cae6152a980735db319cce6371249a7
SHA256

2053babe21362430ccf0f9688897c05628c540d7a03256a8c5780dce8e08af6e
SHA512

4d7e50cd58d1eb2d83cca9f238ad8cb0b66c3c8668a96f23c0ebf3dc99966713602c2dc7e462a497df071d8b6fca6ad198168607b8f3c73903a0a54c8ed83dc1
SSDEEP

3072:5Qy9D6A6TNXbHrETqwyvoCzcLyH5fCF1qJxi3v8gWrc2tY0z6SpFQn2u3H4eB00h:px6AgNLgqlvoCQ+H4F1Yk3v8Brw0z6So

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
439a0919647cb4ba94ba75d22cc26996_JaffaCakes118

Files

439a0919647cb4ba94ba75d22cc26996_JaffaCakes118
.exe windows:1 windows x86 arch:x86

c85aa18f87725a2084bc9ae9f45d1744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetCurrencyFormatA
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetTickCount
IsDebuggerPresent
LoadLibraryA
ReadFile
SearchPathA
SuspendThread
SwitchToFiber
SwitchToThread
VirtualAlloc
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
FindResourceExW

user32

CheckDlgButton
EnableMenuItem
GetCursorPos
GetDlgCtrlID
GetMenu
GetSysColor
InvalidateRect
IsDlgButtonChecked
KillTimer
LoadAcceleratorsA
LoadCursorA
MoveWindow
SetWindowPos
TrackMouseEvent
TrackPopupMenuEx

advapi32

I_ScGetCurrentGroupStateW
RegEnumKeyA
RegLoadKeyA
RegOpenKeyExA
RegQueryValueA

gdi32

CreateBrushIndirect
DeleteObject
EndDoc
FillPath
GetDeviceCaps

Sections

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE