41377b2f8b94eb3df31a4c4a557f0194_JaffaCakes118 | Triage

Sharing

General

Target

41377b2f8b94eb3df31a4c4a557f0194_JaffaCakes118
Size

170KB
MD5

41377b2f8b94eb3df31a4c4a557f0194
SHA1

009666bb3521617e4a3b4da5528670d1a83fa034
SHA256

ce4ff16a3af9ba9a1111a73244732a110305b24dd80eeb57b79ef6a5c82ae2be
SHA512

cf39b31a41b89d5b0420afc3eec7e142fcd1d04a2484a3fbffcf8bed69ad87f6fc2210c2009d409d156876f99a86e794856420cb7aeaab7792097844f4714b2b
SSDEEP

3072:yiDAim01y//lD2NTzSf9nrRgvoJVvjQePaXZpI8kilSs6nFGU4HuVKf/B6Zo:yiDAiK//lSMKuVrQJXjkiQFGUeMk7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41377b2f8b94eb3df31a4c4a557f0194_JaffaCakes118

Files

41377b2f8b94eb3df31a4c4a557f0194_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0d6194fedb503a16aa86df7b7321f555

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
LoadLibraryA
GetCurrentThread
GetStartupInfoA
GetCurrentThreadId
GetProcessTimes
GetCommandLineA
VirtualAlloc
CloseHandle
ExitThread
GetPriorityClass
ExitProcess
FreeLibrary
GetCurrentProcessId
GetCurrentProcess
GetLastError
GetModuleFileNameA
GetTickCount
GetProcessHeap
GetThreadPriority
GetModuleHandleA

user32

GetWindowDC
GetClassLongA
OpenIcon
GetForegroundWindow
GetWindowTextLengthA
GetDC
GetActiveWindow
BeginPaint
IsWindowVisible
GetFocus
UpdateWindow
CreateWindowExA
RegisterClassA
GetWindowTextA
GetSystemMetrics
ReleaseDC
ShowWindow
GetWindowLongA
GetWindow

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
IsTextUnicode
GetUserNameA

version

GetFileVersionInfoA
VerQueryValueA
VerLanguageNameA
GetFileVersionInfoSizeA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE