41279fdf08bfd6662c3013968b49e089_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

41279fdf08bfd6662c3013968b49e089_JaffaCakes118
Size

113KB
MD5

41279fdf08bfd6662c3013968b49e089
SHA1

2cba968b36f0d60ccc3e1fd0ce4a55d605efdcb0
SHA256

dc6050176aa76332fc2c2034e9c758731fff83032690922dd3d7789ae8f95d72
SHA512

fa18110e6aee9345b964ba96709939bdb672a75f05e7ac47c4c9d4d950a7dd1d85c41eba9232140360fe9e6a13bed86607a891fda487d26e9e3f3ffc14294983
SSDEEP

3072:rBHlzvXs3x03deS6g5D7I55SYTcLryzSzv:rcxszM5p22zS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41279fdf08bfd6662c3013968b49e089_JaffaCakes118

Files

41279fdf08bfd6662c3013968b49e089_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bee4433a3da98cde31c31a2e9ecdabb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

kernel32

GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter

user32

GetActiveWindow
PostQuitMessage
SetWindowLongW
ShowWindow
TranslateMessage

Sections

.text
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ