4031c542f49b4a8e56b64d804b5a5332_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4031c542f49b4a8e56b64d804b5a5332_JaffaCakes118
Size

161KB
MD5

4031c542f49b4a8e56b64d804b5a5332
SHA1

3c098700ba2b074a2bf3046443f3a07d93425b84
SHA256

3ac2741f0e428d06f64348c1eed347f080e2528f79b866f875fc267d8282c66f
SHA512

876f612da5d763fdde8b3abd798be47d31c3830389d563358335a777af94c9481a738a7c3bb480ec44911822368eaf6cfa74430b53524082a1cc24722c2ce508
SSDEEP

3072:6IjtsyFzrxQPdcfhqZQLOb/WRVv+YHDPC0BHxkZzDWpWbZgqQJIRVnPi:6Wts6zrxQFcfhwnWRV2YHDHHxkzDuqQo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4031c542f49b4a8e56b64d804b5a5332_JaffaCakes118

Files

4031c542f49b4a8e56b64d804b5a5332_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2d4d5416852fb3add0b3d595271c4176

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA

msimg32

AlphaBlend
TransparentBlt

kernel32

CreateFileW
InterlockedIncrement
GetThreadIOPendingFlag
GetModuleFileNameA
WideCharToMultiByte
TransmitCommChar
CloseHandle
SetEndOfFile
MultiByteToWideChar
GetTempPathW
CompareStringW
EnumResourceNamesW
CompareStringA
GetLastError
GetProcAddress
CreateMutexA
InterlockedDecrement
SetStdHandle
FlushFileBuffers
WriteFile
ExitProcess
LoadLibraryA
FreeLibrary
IsBadReadPtr
LoadLibraryW
SetEnvironmentVariableA

user32

wsprintfA
GetTopWindow
GetKeyState
MessageBoxA
CharNextA
wsprintfW
CharUpperA
CharLowerA

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ